130.14.29.110 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 130.14.29.110 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 47/100

Host and Network Information

• Mitre ATT&CK IDs: T1057 - Process Discovery, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1480 - Execution Guardrails

• Tags: active related, address, alerts, analysis date, ascii text, at filer, av detections, body, c data, ck id, click, command, copy, copy md5, copy sha1, copy sha256, data upload, date, discovery att, domain data, dom dom, dom doman, ecacc, enter, enter sc, entries, error, evasion att, excluded io, excluded tous, extraction, extraction data, extra data, extri please, failed, filehash, file score, find, find s, find suggested, general, gmt etag, hybrid, ids detections, include data, included iocs, indicaok data, indicator role, informative, iocs, learn, levelbluelabs, local, look, manually add, md5 add, mitre att, name tactics, null, o please, o suggesteo, path, pattern match, pdf report, please, pulse pulses, pulses hostname, push, refresh, restart, review data, review uus, search, server, serving ip, sha1, sha256, show, size, span, spawns, strings, suspicious, t1480 execution, title added, tools, tui sugges, type, types, u exclude, url http, url https, utf8, verify, yara detections

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: dbgap.nih.gov vip-www.ncbi.nlm.nih.gov view.ncbi.nlm.nih.gov eutils.ncbi.nlm.nih.gov pdalogin.ncbi.nlm.nih.gov misuse.ncbi.nlm.nih.gov jats.nlm.nih.gov www.ncbi.nlm.nih.gov ncbi.nlm.nih.gov rvista.dcode.org pubchem.ncbi.nlm.nih.gov pubmed.com dcode.org www.pubmed.com blast.ncbi.nlm.nih.gov eshadow.dcode.org dire.dcode.org genomereference.org zpicture.dcode.org ecrbrowser.dcode.org ecrbase.dcode.org cape.dcode.org www.gphn.mx www.genomereference.org gphn.mx clare.dcode.org dd.ncbi.nlm.nih.gov eutils-redirect.ncbi.nlm.nih.gov archive-dtd.ncbi.nlm.nih.gov www.be-md.pubmedcentral.nih.gov api.ncbi.nlm.nih.gov oasrv.ncbi.nlm.nih.gov anonsvn.ncbi.nlm.nih.gov www.3dvcell.org multitf.dcode.org insitu.dcode.org creme.dcode.org array2bio.dcode.org micad.nih.gov 3dvcell.org www.nlmcatalog.nlm.nih.gov mulan.dcode.org dev.3dvcell.org www.genbank.gov synor.dcode.org www.dtd.nlm.nih.gov www.dcode.org rdf.ncbi.nlm.nih.gov www.be-md.ncbi.nlm.nih.gov eutils.be-md.ncbi.nlm.nih.gov archivedtd.ncbi.nlm.nih.gov www.pubmedcentral.com text.nlm.nih.gov structure.ncbi.nlm.nih.gov www.pubmed.net pubmed.net pubmedcentral.org pubmedcentral.nih.gov pubmedcentral.gov pubmedcentral.com eutils.ncbi.nih.gov dtd.nlm.nih.gov ncbi.nih.gov blast.wip.ncbi.nlm.nih.gov dbgap.ncbi.nlm.nih.gov genomereference.com www.pubmedcentral.org www.pubmed.org www.pubmedcentral.nih.gov www.pubmedcentral.gov www.pubmed.gov www.ncbi.nih.gov pubmed.org eutils.wip.ncbi.nlm.nih.gov www.wip.ncbi.nlm.nih.gov pubmed.gov nih.gov

Malware Detected on Host

Count: 33 20f76760716127b2739bdf069ec8a23e89c34a37371a65c2299c15404b0c3e25 c08b7c74e5c0b03086e2a9fd1afa222a68757150b6b6f5d95a5c9199200dea2b 1b6e1b0d59f0b31aeaf38d1314e961f4090f13a610524cd90ba4810002ecb607 171cdb026f8d034e13b471dd1aa01c2826e4f12eecb50e192375664bf71cd3ae 7b14be56e60e18f103fc625e2777fb223ea10dc021f7053a0b23cc564772978d a44812b44591121f3e711223db099043d4d72288e4f436dba2fb935b6d888d40 379c4d375b05dc6fbfa0bf792ad71299b9699e4e57c5904bce6a453779e30ec7 0e01f828895f16daba9cb798be605b42a18f0f041db47df1a84d262cbd955769 a2ee0692da7b5f1d76dfb4d49976aa61a48081aa5c9f51e849dbee426976860c a13f820402e3630e0e6bad37b2fd4f6a2c55db556fd5770c6a3661c394042ffd

Open Ports Detected

443 80

Map

Whois Information

• NetRange: 130.14.0.0 - 130.14.255.255
• CIDR: 130.14.0.0/16
• NetName: NLM-ETHER
• NetHandle: NET-130-14-0-0-1
• Parent: NET130 (NET-130-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: National Library of Medicine (NLM-Z)
• RegDate: 1988-04-19
• Updated: 2024-10-04
• Ref: https://rdap.arin.net/registry/ip/130.14.0.0
• OrgName: National Library of Medicine
• OrgId: NLM-Z
• Address: 8600 Rockville Pike
• City: Bethessda
• StateProv: MD
• PostalCode: 20817
• Country: US
• RegDate: 2024-09-27
• Updated: 2024-09-27
• Ref: https://rdap.arin.net/registry/entity/NLM-Z
• OrgAbuseHandle: NAC15-ARIN
• OrgAbuseName: Network Abuse Center
• OrgAbusePhone: +1-301-496-2943
• OrgAbuseEmail: abuse@nlm.nih.gov
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NAC15-ARIN
• OrgTechHandle: GATES18-ARIN
• OrgTechName: Gates, Kevin
• OrgTechPhone: +1-301-496-2572
• OrgTechEmail: kevin.gates@nih.gov
• OrgTechRef: https://rdap.arin.net/registry/entity/GATES18-ARIN

Links to attack logs

****** anonymous-proxy-ip-list-2023-07-03 ****** ******