64.70.19.203 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 64.70.19.203 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 80/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: United States
Noticed: 50 times
Protocols Attacked: SSH
Countries Attacked: Afghanistan, Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Czechia, Denmark, Estonia, France, Georgia, Germany, Guatemala, Hong Kong, Ireland, Italy, Japan, Latvia, Lithuania, Mexico, Netherlands, Norway, Panama, Philippines, Poland, Romania, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Open Ports: 80
Tor Node: No
Associated Malware Samples: 198839

MITRE ATT&CK TTPs

T1003 - OS Credential Dumping
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1023 - Shortcut Modification
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1045 - Software Packing
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1060 - Registry Run Keys / Startup Folder
T1063 - Security Software Discovery
T1068 - Exploitation for Privilege Escalation
T1071.001 - Web Protocols
T1071.004 - DNS
T1071 - Application Layer Protocol
T1082 - System Information Discovery
T1088 - Bypass User Account Control
T1089 - Disabling Security Tools
T1096 - NTFS File Attributes
T1105 - Ingress Tool Transfer
T1107 - File Deletion
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1119 - Automated Collection
T1129 - Shared Modules
T1132 - Data Encoding
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1147 - Hidden Users
T1158 - Hidden Files and Directories
T1176 - Browser Extensions
T1204 - User Execution
T1428 - Exploit Enterprise Resources
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1480 - Execution Guardrails
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1553.002 - Code Signing
T1560 - Archive Collected Data
T1563 - Remote Service Session Hijacking
T1568 - Dynamic Resolution
T1574 - Hijack Execution Flow
T1583.005 - Botnet
T1583 - Acquire Infrastructure
T1598 - Phishing for Information
TA0003 - Persistence
TA0004 - Privilege Escalation
TA0005 - Defense Evasion
TA0006 - Credential Access
TA0007 - Discovery
TA0009 - Collection
TA0011 - Command and Control
TA0034 - Impact
TA0040 - Impact

Passive DNS

h1926df059d6d6507f6f72b64ee52cf664.ws

Whois Information

NetRange: 64.70.0.0 - 64.70.111.255 CIDR: 64.70.0.0/18, 64.70.96.0/20, 64.70.64.0/19 NetName: CENTURYLINK-LEGACY-SAVVIS-BLK216 NetHandle: NET-64-70-0-0-1 Parent: NET64 (NET-64-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: CenturyLink Communications, LLC (CCL-534) RegDate: 2000-03-31 Updated: 2018-02-22 Ref: https://rdap.arin.net/registry/ip/64.70.0.0 OrgName: CenturyLink Communications, LLC OrgId: CCL-534 Address: 100 CENTURYLINK DR City: Monroe StateProv: LA PostalCode: 71201 Country: US RegDate: 2018-07-12 Updated: 2024-06-17 Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY: Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html Comment: Comment: Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden. Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering. Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so. Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination. Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met. Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html Comment: Comment: Our looking glass is located at: https://lookingglass.centurylink.com/ Comment: Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page: Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html Comment: Comment: For abuse issues, please email abuse@aup.lumen.com Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/CCL-534 OrgTechHandle: QIA-ARIN OrgTechName: Centurylink IP Admin OrgTechPhone: +1-877-886-6515 OrgTechEmail: ipadmin@centurylink.com OrgTechRef: https://rdap.arin.net/registry/entity/QIA-ARIN OrgRoutingHandle: RPKIR-ARIN OrgRoutingName: RPKI-ROA OrgRoutingPhone: +1-877-886-6515 OrgRoutingEmail: rpki-roa@lumen.com OrgRoutingRef: https://rdap.arin.net/registry/entity/RPKIR-ARIN OrgAbuseHandle: CAD54-ARIN OrgAbuseName: Centurylink Abuse Desk OrgAbusePhone: +1-877-886-6515 OrgAbuseEmail: abuse@aup.lumen.com OrgAbuseRef: https://rdap.arin.net/registry/entity/CAD54-ARIN NetRange: 64.70.19.0 - 64.70.19.255 CIDR: 64.70.19.0/24 NetName: SAVV-S235073-7 NetHandle: NET-64-70-19-0-1 Parent: CENTURYLINK-LEGACY-SAVVIS-BLK216 (NET-64-70-0-0-1) NetType: Reallocated OriginAS: Organization: Worldsite.WS (WORLD-119) RegDate: 2008-01-16 Updated: 2008-01-16 Ref: https://rdap.arin.net/registry/ip/64.70.19.0 OrgName: Worldsite.WS OrgId: WORLD-119 Address: 701 Palomer Airport Road City: Carlsbad StateProv: CA PostalCode: 92009 Country: US RegDate: 2006-11-06 Updated: 2011-09-24 Ref: https://rdap.arin.net/registry/entity/WORLD-119 OrgTechHandle: CRA50-ARIN OrgTechName: Randal, Cole OrgTechPhone: +1-760-602-3000 OrgTechEmail: coler@website.ws OrgTechRef: https://rdap.arin.net/registry/entity/CRA50-ARIN OrgAbuseHandle: CRA50-ARIN OrgAbuseName: Randal, Cole OrgAbusePhone: +1-760-602-3000 OrgAbuseEmail: coler@website.ws OrgAbuseRef: https://rdap.arin.net/registry/entity/CRA50-ARIN RTechHandle: WSU6-ARIN RTechName: Support, WS RTechPhone: +1-760-602-3000 RTechEmail: abuse@website.ws RTechRef: https://rdap.arin.net/registry/entity/WSU6-ARIN