68.68.98.160 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 68.68.98.160 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

• Mitre ATT&CK IDs: T1036 - Masquerading, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1195 - Supply Chain Compromise

• Tags: as16509 http, august, c2 server, date, first, guid, javascript, june, june attack, phylum, research, rustdesk

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: coinbl_hosts_browser

• Country: United States
• Network: AS18779 egihosting
• Noticed: 1 times
• Protcols Attacked: SSH

Malware Detected on Host

Count: 10 9d80c673705263af3b3772e60f6df8ec06cd1cf3039b556cde7ae247b19d687a eb738a21be42373469d5166516a058b54b89c1a3790c3cf7d6341e71824b54e8 a07d892f4f8fb409ad65d30704604bf7662f60f6fcf07d755f82cbd5def8ab12 2afeed6c6427d934d66e1aadf4dcecc4bd4f8ae1e281c1c21fd894bd58a40a9d 859fb00366f61fa3e1a4d46466b6435d46dc7893c40b40a07dcec09f75d3dc80 4d355d7bf5f636b2685f1eefd38c41b359178ba9781ce34ac60b5f3882896866 37ebd9d1451b45e60ec817d1f585667c2578200be5ea0c1b3939606e18ffeb6a 305016d83df05c39506a444931e0ebc661373e61b06abb88d84d761ba5f2d4b6 858f0898bc52d2c0e1d345a12b1c02fc34e40bdc4e692d2986d47961a1384f43 d2656bb269d6be28a41c0a7912d00590dee0b3f59ed3e1fd5d088ec2172de838

Open Ports Detected

443 80 8000 8001

Map

Whois Information

• NetRange: 68.68.96.0 - 68.68.111.255
• CIDR: 68.68.96.0/20
• NetName: EGIHOSTING-3
• NetHandle: NET-68-68-96-0-1
• Parent: NET68 (NET-68-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS18779
• Organization: EGIHosting (EGNL-1)
• RegDate: 2009-05-11
• Updated: 2012-03-02
• Comment: http://egihosting.com
• Ref: https://rdap.arin.net/registry/ip/68.68.96.0
• OrgName: EGIHosting
• OrgId: EGNL-1
• Address: 3223 Kenneth Street
• City: Santa Clara
• StateProv: CA
• PostalCode: 95054
• Country: US
• RegDate: 2007-07-23
• Updated: 2023-12-12
• Comment: http://egihosting.com
• Comment: Geofeed https://geofeed.egihosting.com/geofeed.csv
• Ref: https://rdap.arin.net/registry/entity/EGNL-1
• OrgNOCHandle: NOC2660-ARIN
• OrgNOCName: Network Operations Center
• OrgNOCPhone: +1-888-808-8806
• OrgNOCEmail: noc@egihosting.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/NOC2660-ARIN
• OrgTechHandle: KTBIJ-ARIN
• OrgTechName: KT, Bijoy
• OrgTechPhone: +1-888-808-8806
• OrgTechEmail: egni@egihosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/KTBIJ-ARIN
• OrgTechHandle: SIMKI10-ARIN
• OrgTechName: Simkiss, John
• OrgTechPhone: +1-408-228-4448
• OrgTechEmail: jas3@egihosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/SIMKI10-ARIN
• OrgTechHandle: TRANR22-ARIN
• OrgTechName: Tran, Ryan
• OrgTechPhone: +1-408-228-4448
• OrgTechEmail: rtran@egihosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/TRANR22-ARIN
• OrgTechHandle: CHENJ-ARIN
• OrgTechName: Chen, James
• OrgTechPhone: +1-408-228-4448
• OrgTechEmail: james@egihosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/CHENJ-ARIN
• OrgTechHandle: TRANH54-ARIN
• OrgTechName: Tran, Hung
• OrgTechPhone: +1-408-581-1984
• OrgTechEmail: htran@egihosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/TRANH54-ARIN
• OrgTechHandle: HERNA1269-ARIN
• OrgTechName: Hernandez, Aaron
• OrgTechPhone: +1-408-228-4448
• OrgTechEmail: aaron@egihosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/HERNA1269-ARIN
• OrgAbuseHandle: ABUSE1715-ARIN
• OrgAbuseName: Abuse Department
• OrgAbusePhone: +1-888-808-8806
• OrgAbuseEmail: abuse@egihosting.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1715-ARIN
• OrgRoutingHandle: NOC2660-ARIN
• OrgRoutingName: Network Operations Center
• OrgRoutingPhone: +1-888-808-8806
• OrgRoutingEmail: noc@egihosting.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/NOC2660-ARIN
• RNOCHandle: NOC2660-ARIN
• RNOCName: Network Operations Center
• RNOCPhone: +1-888-808-8806
• RNOCEmail: noc@egihosting.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC2660-ARIN
• RAbuseHandle: ABUSE1715-ARIN
• RAbuseName: Abuse Department
• RAbusePhone: +1-888-808-8806
• RAbuseEmail: abuse@egihosting.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1715-ARIN
• RTechHandle: SBR126-ARIN
• RTechName: Brookshire, Scott
• RTechPhone: +1-408-228-4448
• RTechEmail: scottb@egihosting.com
• RTechRef: https://rdap.arin.net/registry/entity/SBR126-ARIN
• NetRange: 68.68.98.0 - 68.68.98.255
• CIDR: 68.68.98.0/24
• NetName: NET-68-68-98-0
• NetHandle: NET-68-68-98-0-1
• Parent: EGIHOSTING-3 (NET-68-68-96-0-1)
• NetType: Reallocated
• OriginAS: AS18779
• Organization: Dynadot LLC (DL-43)
• RegDate: 2022-01-20
• Updated: 2022-01-20
• Comment: Note: abuse@dynadot.com
• Ref: https://rdap.arin.net/registry/ip/68.68.98.0
• OrgName: Dynadot LLC
• OrgId: DL-43
• Address: PO Box 345
• City: San Mateo
• StateProv: CA
• PostalCode: 94401
• Country: US
• RegDate: 2011-12-29
• Updated: 2011-12-29
• Ref: https://rdap.arin.net/registry/entity/DL-43
• OrgTechHandle: DYNAD-ARIN
• OrgTechName: Dynadot Staff
• OrgTechPhone: +1-650-585-1961
• OrgTechEmail: abuse@dynadot.com
• OrgTechRef: https://rdap.arin.net/registry/entity/DYNAD-ARIN
• OrgAbuseHandle: ABUSE3287-ARIN
• OrgAbuseName: Abuse Department
• OrgAbusePhone: +1-866-262-3399
• OrgAbuseEmail: abuse@dynadot.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3287-ARIN

Links to attack logs

****** ****** ******