8.5.1.3 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 8.5.1.3. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information

  • Tags: 3px 3px, acint, adware, agent, alexa top, amazon aws, analysis, android, anonymizer, antivirus, apk download, appdata, apple ios, applicunwnt, artemis, ascii text, atom, attack, av detection, azorult, bank, behav, blacklist, blacklist https, body, body length, bundled, cisco umbrella, ck id, ck matrix, class, cleaner, click, cloudflare, communicating, conduit, contacted, contacted urls, contains, crack, critical, cyber criminal, date, detection list, domain address, downldr, download, driverpack, dropper, eeeeee, email address, enom, error, et tor, exit, expiressat, exploit, external, f8f9fa, facebook, fakealert, fakedout threat, falcon sandbox, file, filetour, final url, firehol, flag, fusioncore, gamehack, general, generic, genkryptik, google tag, hackers install, heur, historical ssl, hosts, html info, http response, hybrid, iframe, indicator, installcore, ip address, ip summary, jfif, jpeg image, kb body, known tor, legal entities, logo, logo analysis, malicious host, malicious site, maltiverse, malware, malware site, markmonitor, maxage31536000, meta, meta tags, million, mime, mimikatz, misc attack, mitre att, multi scan, name server, name verdict, na visit, new relic, nircmd, node traffic, official apk, open, opencandy, osint, passcode, patcher, path, pattern match, phishing, phishing site, png image, pragma, presenoker, proxy, quasar rat, ransomware, referrer, relayrouter, resolutions, results, riskware, runescape, safe site, sample, samples, sansx22, scan10132023, script, scroll, server, service, sha256, show, show technique, site, size81b type, softcnapp, span, ssl certificate, status code, strings, summary, suppobox, svg scalable, swrort, systweak, t, t1114, team, tiggre, title kedence, trojanspy, twitter, united, unknown, unlocker, unsafe, update, urls, url summary, using ip, utc google, utc na, vector graphics, verified, view details, wacatac, webtoolbar, whois privacy, whois record, windows nt, xrat, xtrat

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, botscout_30d, ciarmy, cobaltstrike, esentire_volaya_ru, haley_ssh, hphosts_emd, hphosts_fsa, hphosts_psh, socks_proxy_30d, stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, xforce_bccs, yoyo_adservers

  • Country: United States
  • Network: AS3356 Level 3 Parent, LLC
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 1 1669bb471e64e6a265cfb6d0f0b44c596862492f6d6e418ca2befbeeee4b91df

Whois Information

  • NetRange: 8.0.0.0 - 8.127.255.255
  • CIDR: 8.0.0.0/9
  • NetName: LVLT-ORG-8-8
  • NetHandle: NET-8-0-0-0-1
  • Parent: NET8 (NET-8-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Level 3 Parent, LLC (LPL-141)
  • RegDate: 1992-12-01
  • Updated: 2018-04-23
  • Ref: https://rdap.arin.net/registry/ip/8.0.0.0
  • OrgName: Level 3 Parent, LLC
  • OrgId: LPL-141
  • Address: 100 CenturyLink Drive
  • City: Monroe
  • StateProv: LA
  • PostalCode: 71203
  • Country: US
  • RegDate: 2018-02-06
  • Updated: 2023-08-10
  • Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY:
  • Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
  • Comment:
  • Comment:
  • Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden.
  • Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering.
  • Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so.
  • Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination.
  • Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met.
  • Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
  • Comment:
  • Comment: Our looking glass is located at: https://lookingglass.centurylink.com/
  • Comment:
  • Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page:
  • Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html
  • Comment:
  • Comment: For abuse issues, please email abuse@aup.lumen.com
  • Comment: All abuse reports MUST include:
  • Comment: * src IP
  • Comment: * dest IP (your IP)
  • Comment: * dest port
  • Comment: * Accurate date/timestamp and timezone of activity
  • Comment: * Intensity/frequency (short log extracts)
  • Comment: * Your contact details (phone and email)
  • Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time.
  • Ref: https://rdap.arin.net/registry/entity/LPL-141
  • OrgTechHandle: APL7-ARIN
  • OrgTechName: ADMIN POC LVLT
  • OrgTechPhone: +1-877-453-8353
  • OrgTechEmail: ipadmin@lumen.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/APL7-ARIN
  • OrgAbuseHandle: LAC56-ARIN
  • OrgAbuseName: L3 Abuse Contact
  • OrgAbusePhone: +1-877-453-8353
  • OrgAbuseEmail: abuse@level3.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/LAC56-ARIN

Links to attack logs

vultrmadrid-telnet-bruteforce-ip-list-2022-08-28 awsjap-mssql-bruteforce-ip-list-2020-11-05 awsjap-redis-bruteforce-ip-list-2022-05-04 bruteforce-ip-list-2023-05-01 digitaloceanlondon-telnet-bruteforce-ip-list-2023-10-31 nmap-scanning-list-2021-01-22 dofrank-ssh-bruteforce-ip-list-2022-11-08 awssafrica-telnet-bruteforce-ip-list-2022-05-12 dolondon-telnet-bruteforce-ip-list-2023-07-26 vultrwarsaw-ssh-bruteforce-ip-list-2022-07-16 bruteforce-ip-list-2021-09-13 dosing-ssh-bruteforce-ip-list-2022-09-09 bruteforce-ip-list-2022-04-25 ****** ****** dofrank-ssh-bruteforce-ip-list-2022-07-13 bruteforce-ip-list-2020-04-15 dosing-ssh-bruteforce-ip-list-2022-08-04 dolondon-ssh-bruteforce-ip-list-2022-08-26 anonymous-proxy-ip-list-2023-06-26 bruteforce-files-list-2020-08-29 dosing-ssh-bruteforce-ip-list-2022-07-28 dofrank-telnet-bruteforce-ip-list-2023-07-27 dotoronto-telnet-bruteforce-ip-list-2022-07-09 vultrparis-ssh-bruteforce-ip-list-2022-09-19 vultrmadrid-ssh-bruteforce-ip-list-2022-07-28 dobengaluru-telnet-bruteforce-ip-list-2023-03-10 dolondon-ssh-bruteforce-ip-list-2022-06-24 dosing-ssh-bruteforce-ip-list-2022-10-16 vultrwarsaw-ssh-bruteforce-ip-list-2022-09-17 dofrank-ssh-bruteforce-ip-list-2023-06-13 dolondon-telnet-bruteforce-ip-list-2022-05-13 dosing-ssh-bruteforce-ip-list-2022-07-01 dofrank-ssh-bruteforce-ip-list-2022-10-20 anonymous-proxy-ip-list-2023-05-26 doamsterdam-telnet-bruteforce-ip-list-2023-07-25 dolondon-ssh-bruteforce-ip-list-2022-07-28 bruteforce-ip-list-2022-11-09 dotoronto-ssh-bruteforce-ip-list-2022-08-27 aws-ssh-bruteforce-ip-list-2021-03-14 dobengaluru-telnet-bruteforce-ip-list-2022-07-05 dolondon-ssh-bruteforce-ip-list-2022-07-19 vultrparis-ssh-bruteforce-ip-list-2022-08-19 dofrank-ssh-bruteforce-ip-list-2023-04-05 bruteforce-ip-list-2021-09-09 vultrwarsaw-ssh-bruteforce-ip-list-2022-06-29 awssafrica-telnet-bruteforce-ip-list-2022-03-27 vultrmadrid-ssh-bruteforce-ip-list-2023-04-19 awsbah-redis-bruteforce-ip-list-2022-05-24 
dosing-ssh-bruteforce-ip-list-2022-06-28 vultrmadrid-telnet-bruteforce-ip-list-2022-07-20 dosing-ssh-bruteforce-ip-list-2022-07-29 ****** dotoronto-ssh-bruteforce-ip-list-2022-06-20 nmap-scanning-list-2021-01-30 dotoronto-telnet-bruteforce-ip-list-2023-07-21 ****** awsbah-telnet-bruteforce-ip-list-2022-06-06 dofrank-ssh-bruteforce-ip-list-2022-10-22 vultrmadrid-ssh-bruteforce-ip-list-2023-05-03