129.42.38.1 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 129.42.38.1. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
🟠 Elevated — 61/100
Host and Network Information
- Country: United States
- Noticed: 3 times
- Protocols Attacked: SSH
- Countries Attacked: Argentina, Aruba, Australia, Austria, Bulgaria, Canada, Chile, China, Colombia, Denmark, France, Georgia, Germany, Hong Kong, India, Indonesia, Italy, Japan, Mexico, Netherlands, Norway, Philippines, Poland, Russian Federation, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Tor Node: No
- Associated Malware Samples: 82
MITRE ATT&CK TTPs
- T1003.008 - /etc/passwd and /etc/shadow
- T1003 - OS Credential Dumping
- T1012 - Query Registry
- T1027 - Obfuscated Files or Information
- T1031 - Modify Existing Service
- T1036 - Masquerading
- T1045 - Software Packing
- T1053 - Scheduled Task/Job
- T1055 - Process Injection
- T1056 - Input Capture
- T1057 - Process Discovery
- T1059.007 - JavaScript
- T1059 - Command and Scripting Interpreter
- T1060 - Registry Run Keys / Startup Folder
- T1071.003 - Mail Protocols
- T1071.004 - DNS
- T1071 - Application Layer Protocol
- T1078.001 - Default Accounts
- T1082 - System Information Discovery
- T1083 - File and Directory Discovery
- T1096 - NTFS File Attributes
- T1105 - Ingress Tool Transfer
- T1106 - Native API
- T1110.002 - Password Cracking
- T1110 - Brute Force
- T1112 - Modify Registry
- T1119 - Automated Collection
- T1129 - Shared Modules
- T1140 - Deobfuscate/Decode Files or Information
- T1143 - Hidden Window
- T1147 - Hidden Users
- T1155 - AppleScript
- T1410 - Network Traffic Capture or Redirection
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1498 - Network Denial of Service
- T1499 - Endpoint Denial of Service
- T1546.015 - Component Object Model Hijacking
- T1546 - Event Triggered Execution
- T1583.002 - DNS Server
- T1583.005 - Botnet
- T1601 - Modify System Image
- TA0005 - Defense Evasion
- TA0011 - Command and Control
Passive DNS
- expertus.ca