70.39.84.237 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 70.39.84.237. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 50/100
Host and Network Information
- Mitre ATT&CK IDs: T1056 - Input Capture, T1059.007 - JavaScript, T1071 - Application Layer Protocol, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1497 - Virtualization/Sandbox Evasion
- Tags: 70.39.84.237 cnc, adv tool, all scoreblue, attacker, autonomous system label, avast avg, bank, blacklist, blacklist http, cisco umbrella, communicating, contacted, count blacklist, creation date, date, date hash, detection list, dns replication, dnssec, domain, dropped, execution, exit, federal credit, files, host, hostile host, hostname, hostnames, iocs, ip summary, next, node tcp, passive dns, paste, phishing, pulse submit, red canary, referrer, safe site, sample, samples, scan endpoints, search, sharktech, showing, site, south carolina, spammer, ssl certificate, summary, tag combined, tag count, team, threat, threats et, tor known, tor relayrouter, traffic, type name, union, url analysis, urls, urls http, url summary, whois record, whois whois, win32, win32 exe
- Country: United States
- Network: AS46844 sharktech
- Noticed: 1 time
- Protocols Attacked: SSH
- Countries Attacked: United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 5 d2ab570193593ceaa5bea4760489583c1da7a898d0f8b0cb096b78e215e1fec6 f350e812e629abf62b6d660d86305a1eb555231c712ed757826707edbcf06f44 8045b4360ed48f0f60d707535f88e561105823c2f74500ef75bda56f01f8eac1 83591361c770d4326f89bcb022cc86258244e2d8d820e7e6a03a7ff037237e85 d3128bec8866e791e034932ddb6b234134316056c897fe3decc499015593e55a
Whois Information
- NetRange: 70.39.64.0 - 70.39.127.255
- CIDR: 70.39.64.0/18
- NetName: SHARKTECH-INC
- NetHandle: NET-70-39-64-0-1
- Parent: NET70 (NET-70-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS46844
- Organization: Sharktech (SHARK-7)
- RegDate: 2010-01-26
- Updated: 2014-01-22
- Ref: https://rdap.arin.net/registry/ip/70.39.64.0
- OrgName: Sharktech
- OrgId: SHARK-7
- Address: 8560 S. Eastern Ave Suite 210
- City: Las Vegas
- StateProv: NV
- PostalCode: 89120
- Country: US
- RegDate: 2012-01-20
- Updated: 2022-11-30
- Comment: FOR ABUSE RELATED QUESTIONS PLEASE EMAIL ABUSE AT SHARKTECH.NET
- Ref: https://rdap.arin.net/registry/entity/SHARK-7
- OrgTechHandle: NOC2002-ARIN
- OrgTechName: Network Operations Center
- OrgTechPhone: +1-702-425-9980
- OrgTechEmail: support@sharktech.net
- OrgTechRef: https://rdap.arin.net/registry/entity/NOC2002-ARIN
- OrgAbuseHandle: ABUSE1080-ARIN
- OrgAbuseName: ABUSE Department
- OrgAbusePhone: +1-702-425-9980
- OrgAbuseEmail: abuse@sharktech.net
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1080-ARIN
- OrgNOCHandle: NOC2002-ARIN
- OrgNOCName: Network Operations Center
- OrgNOCPhone: +1-702-425-9980
- OrgNOCEmail: support@sharktech.net
- OrgNOCRef: https://rdap.arin.net/registry/entity/NOC2002-ARIN
- NetRange: 70.39.64.0 - 70.39.127.255
- CIDR: 70.39.64.0/18
- NetName: ST-DEN
- NetHandle: NET-70-39-64-0-2
- Parent: SHARKTECH-INC (NET-70-39-64-0-1)
- NetType: Reallocated
- OriginAS: AS46844
- Organization: Sharktech (SHARK-9)
- RegDate: 2014-01-23
- Updated: 2014-01-23
- Comment: FOR ABUSE RELATED QUESTIONS PLEASE EMAIL ABUSE AT SHARKTECH.NET
- Ref: https://rdap.arin.net/registry/ip/70.39.64.0
- OrgName: Sharktech
- OrgId: SHARK-9
- Address: 5350 S Valentia Way
- City: Greenwood Vlg
- StateProv: CO
- PostalCode: 80111
- Country: US
- RegDate: 2014-01-22
- Updated: 2016-12-21
- Comment: FOR ABUSE RELATED QUESTIONS PLEASE EMAIL ABUSE AT SHARKTECH.NET
- Ref: https://rdap.arin.net/registry/entity/SHARK-9
- OrgAbuseHandle: ABUSE1080-ARIN
- OrgAbuseName: ABUSE Department
- OrgAbusePhone: +1-844-706-7383
- OrgAbuseEmail: abuse@sharktech.net
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1080-ARIN
- OrgNOCHandle: NOC2002-ARIN
- OrgNOCName: Network Operations Center
- OrgNOCPhone: +1-702-425-9980
- OrgNOCEmail: support@sharktech.net
- OrgNOCRef: https://rdap.arin.net/registry/entity/NOC2002-ARIN
- OrgTechHandle: NOC2002-ARIN
- OrgTechName: Network Operations Center
- OrgTechPhone: +1-702-425-9980
- OrgTechEmail: support@sharktech.net
- OrgTechRef: https://rdap.arin.net/registry/entity/NOC2002-ARIN