65.108.20.64 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 65.108.20.64 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 47/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: Finland
  • Network: AS24940 hetzner online gmbh
  • Noticed: 1 time
  • Tor Node: No
  • Associated Malware Samples: 2

Tags

  • anna paula
  • api raccoon
  • april
  • associated
  • atomic
  • back
  • browsers raccoon
  • C2
  • c2 server
  • capture raccoon
  • channel raccoon
  • chat
  • code issues
  • collection raccoon
  • community
  • contact
  • cookie raccoon
  • currc3adculo
  • discover
  • discovery raccoon
  • dlls
  • download
  • exodus
  • first
  • from email
  • github
  • github sponsors
  • headers
  • information raccoon
  • injection raccoon
  • jump
  • june
  • malspam email
  • malware
  • malware-as-a-service
  • mars
  • mars stealer
  • msi file
  • open
  • protocols raccoon
  • pull
  • raccoon
  • Raccoon
  • raccoon stealer
  • raccoonstealer
  • RedLine
  • registry raccoon
  • runtime raccoon
  • screen
  • sha1
  • sha256
  • sign
  • size
  • star
  • stealer
  • Stealer
  • stealer v2
  • strong
  • system raccoon
  • telegram
  • transfer raccoon
  • tuesday
  • twitter
  • ukraine
  • utf8
  • view
  • wiki security
  • winapi
  • zip archive

MITRE ATT&CK TTPs

  • T1005 - Data from Local System
  • T1007 - System Service Discovery
  • T1012 - Query Registry
  • T1027 - Obfuscated Files or Information
  • T1041 - Exfiltration Over C2 Channel
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1113 - Screen Capture
  • T1119 - Automated Collection
  • T1124 - System Time Discovery
  • T1134 - Access Token Manipulation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1201 - Password Policy Discovery
  • T1407 - Download New Code at Runtime
  • T1496 - Resource Hijacking
  • T1518 - Software Discovery
  • T1528 - Steal Application Access Token
  • T1539 - Steal Web Session Cookie
  • T1547 - Boot or Logon Autostart Execution
  • T1555 - Credentials from Password Stores
  • T1614 - System Location Discovery

Attack Log References

Whois Information

NetRange: 65.108.0.0 - 65.109.255.255 CIDR: 65.108.0.0/15 NetName: RIPE NetHandle: NET-65-108-0-0-1 Parent: NET65 (NET-65-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2021-06-22 Updated: 2021-06-22 Ref: https://rdap.arin.net/registry/ip/65.108.0.0 OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: hostmaster@ripe.net OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: abuse@ripe.net OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN inetnum: 65.108.20.64 - 65.108.20.79 netname: HOS-1119833 descr: HOS-1119833 country: DE admin-c: HOAC1-RIPE tech-c: HOAC1-RIPE status: ASSIGNED PA mnt-by: HOS-GUN created: 2021-07-30T01:33:26Z last-modified: 2022-06-21T01:38:59Z role: Hetzner Online GmbH - Contact Role address: Hetzner Online GmbH address: Industriestrasse 25 address: D-91710 Gunzenhausen address: Germany phone: +49 9831 505-0 fax-no: +49 9831 505-3 abuse-mailbox: abuse@hetzner.com org: ORG-HOA1-RIPE admin-c: MH375-RIPE tech-c: GM834-RIPE tech-c: SK2374-RIPE tech-c: MF1400-RIPE tech-c: SK8441-RIPE tech-c: DD15478-RIPE nic-hdl: HOAC1-RIPE mnt-by: HOS-GUN created: 2004-08-12T09:40:20Z last-modified: 2022-11-22T18:33:55Z route: 65.108.0.0/16 org: ORG-HOA1-RIPE descr: HETZNER-DC origin: AS24940 mnt-by: HOS-GUN created: 2021-06-25T09:19:58Z last-modified: 2021-06-25T09:19:58Z organisation: ORG-HOA1-RIPE org-name: Hetzner Online GmbH country: DE org-type: LIR address: Industriestrasse 25 address: D-91710 address: Gunzenhausen address: GERMANY phone: +49 9831 5050 fax-no: +49 9831 5053 admin-c: MF1400-RIPE admin-c: GM834-RIPE admin-c: HOAC1-RIPE admin-c: MH375-RIPE admin-c: SK2374-RIPE admin-c: SK8441-RIPE abuse-c: HOAC1-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: HOS-GUN mnt-by: RIPE-NCC-HM-MNT mnt-by: HOS-GUN created: 2004-04-17T11:07:58Z last-modified: 2022-11-22T18:32:44Z