74.206.228.78 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 74.206.228.78 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.

🟠 Elevated — 71/100

Host and Network Information

  • View other sources: Spamhaus, VirusTotal, Shodan, AbuseIPDB
  • Country: United States
  • Network: AS27257 Webair Internet Development Company Inc.
  • Noticed: 29 times
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 53, 80, 111, 443 (111 is rpcbind/portmapper, a service that is rarely intended to be internet-facing)
  • Tor Node: No
  • Associated Malware Samples: 265

Tags

  • agent tesla
  • api monitoring
  • appdata
  • ave maria
  • a video
  • cyber security
  • danabot
  • dridex
  • formbook
  • formbook trojan
  • glouglk8ftbp
  • ioc
  • kanaan
  • kknk6lwtrhh
  • lokibot
  • malicious
  • march
  • Nextray
  • order
  • ouweuv1xjlmx
  • phishing
  • php control
  • quotation
  • quotation sheet
  • qxkkejehmp8p
  • remote access
  • vrp4gfgtftbpsl
  • warzone
  • windows
  • windows version
  • written

MITRE ATT&CK TTPs

  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1056 - Input Capture
  • T1080 - Taint Shared Content
  • T1113 - Screen Capture
  • T1114 - Email Collection
  • T1566 - Phishing

Associated CVEs

  • CVE-2021-23017 (nginx resolver: a 1-byte memory overwrite while processing a DNS response, reachable only when the resolver directive is configured; fixed in nginx 1.21.0 and 1.20.1). A CVE association on a record like this typically comes from a service version banner match and is not a confirmed, exploitable finding.

Passive DNS

  • mpatracker.com
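Putting this record to the use the General section describes, event enrichment, as an added example that is not part of the original page: the indicators are the ones listed above (the address, the /19 netblock from the Whois record, the passive DNS domain, the malware-family tags and the ATT&CK techniques). The log lines are constructed for the example, and the decision to score a netblock-only hit at a quarter of the host score without inheriting the tags is an assumption of this example, not a rule from the page.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Indicators as listed on this page. The /19 is the Whois NetRange; a match on
# the netblock alone is weak evidence (shared hosting) and is scored down here
# as an assumption of this example.
HOST_IP = ipaddress.ip_address("74.206.228.78")
HOST_NETBLOCK = ipaddress.ip_network("74.206.224.0/19")
HOST_SCORE = 71
PASSIVE_DNS = {"mpatracker.com"}
MALWARE_TAGS = {"agent tesla", "ave maria", "danabot", "dridex", "formbook", "lokibot", "warzone"}
ATTACK_TTPS = {"T1036", "T1055", "T1056", "T1080", "T1113", "T1114", "T1566"}

# Constructed sample events in key=value style; the internal addresses and the
# non-matching hostnames are invented for the example.
SAMPLE_LOG = """\
2024-03-01T08:01:02Z proxy src=10.10.4.21 dst=74.206.228.78 host=mpatracker.com
2024-03-01T08:01:09Z proxy src=10.10.4.22 dst=74.206.230.5 host=example.com
2024-03-01T08:02:15Z dns   src=10.10.4.23 qname=mpatracker.com
2024-03-01T08:03:40Z proxy src=10.10.4.24 dst=93.184.216.34 host=example.net
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Enrichment:
    match: str                      # "ip", "domain", "netblock" or "none"
    score: int                      # host score from this page, discounted for weak matches
    tags: set = field(default_factory=set)
    ttps: set = field(default_factory=set)


def enrich(dst_ip: Optional[str] = None, hostname: Optional[str] = None) -> Enrichment:
    """Match one event against the page's indicators, strongest evidence first."""
    addr = None
    if dst_ip:
        try:
            addr = ipaddress.ip_address(dst_ip)
        except ValueError:
            addr = None                       # unparsable field: ignore, do not fail the pipeline
    if addr == HOST_IP:
        return Enrichment("ip", HOST_SCORE, set(MALWARE_TAGS), set(ATTACK_TTPS))
    if hostname and hostname.lower().rstrip(".") in PASSIVE_DNS:
        return Enrichment("domain", HOST_SCORE, set(MALWARE_TAGS), set(ATTACK_TTPS))
    if addr is not None and addr in HOST_NETBLOCK:
        # Same allocation, different host: keep for context, do not inherit the tags.
        return Enrichment("netblock", HOST_SCORE // 4)
    return Enrichment("none", 0)


def enrich_log(text: str) -> list:
    """Parse key=value events and return (line_number, Enrichment) for every hit."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = dict(KV_RE.findall(line))
        host = fields.get("host") or fields.get("qname")
        e = enrich(fields.get("dst"), host)
        if e.match != "none":
            hits.append((n, e))
    return hits


if __name__ == "__main__":
    for n, e in enrich_log(SAMPLE_LOG):
        print(f"line {n}: {e.match} match, score {e.score}, ttps {sorted(e.ttps)}")
```

The ordering matters: an exact address hit carries the full score and the page's tags, a passive DNS hit is treated the same way because the domain resolved to this host, and a hit anywhere else in the /19 is only retained as context, since the allocation belongs to a hosting provider and a neighbouring address says little about the event.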

Whois Information

NetRange: 74.206.224.0 - 74.206.255.255
CIDR: 74.206.224.0/19
NetName: WEBAIRINTERNET3
NetHandle: NET-74-206-224-0-1
Parent: NET74 (NET-74-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS27257
Organization: Webair Internet Development Company Inc. (WAIR)
RegDate: 2008-05-14
Updated: 2012-03-02
Ref: https://rdap.arin.net/registry/ip/74.206.224.0

OrgName: Webair Internet Development Company Inc.
OrgId: WAIR
Address: 501 Franklin Avenue
Address: Suite 200
City: Garden City
StateProv: NY
PostalCode: 11530
Country: US
RegDate: 2001-03-12
Updated: 2017-05-03
Ref: https://rdap.arin.net/registry/entity/WAIR

OrgNOCHandle: ZW64-ARIN
OrgNOCName: IPAdmin-Webair
OrgNOCPhone: +1-866-932-2471
OrgNOCEmail: louis.devictoria@opti9tech.com
OrgNOCRef: https://rdap.arin.net/registry/entity/ZW64-ARIN

OrgTechHandle: ZW64-ARIN
OrgTechName: IPAdmin-Webair
OrgTechPhone: +1-866-932-2471
OrgTechEmail: louis.devictoria@opti9tech.com
OrgTechRef: https://rdap.arin.net/registry/entity/ZW64-ARIN

OrgAbuseHandle: ABUSE2550-ARIN
OrgAbuseName: Abusehandle
OrgAbusePhone: +1-516-938-4100
OrgAbuseEmail: abuse@webair.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2550-ARIN

RTechHandle: ZW64-ARIN
RTechName: IPAdmin-Webair
RTechPhone: +1-866-932-2471
RTechEmail: louis.devictoria@opti9tech.com
RTechRef: https://rdap.arin.net/registry/entity/ZW64-ARIN

RAbuseHandle: ZW64-ARIN
RAbuseName: IPAdmin-Webair
RAbusePhone: +1-866-932-2471
RAbuseEmail: louis.devictoria@opti9tech.com
RAbuseRef: https://rdap.arin.net/registry/entity/ZW64-ARIN

RNOCHandle: ZW64-ARIN
RNOCName: IPAdmin-Webair
RNOCPhone: +1-866-932-2471
RNOCEmail: louis.devictoria@opti9tech.com
RNOCRef: https://rdap.arin.net/registry/entity/ZW64-ARIN