138.113.128.20 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 138.113.128.20. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 42/100
Host and Network Information
- MITRE ATT&CK IDs: T1016 - System Network Configuration Discovery, T1027 - Obfuscated Files or Information, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion
- Tags: ca1 odigicert, control ta0011, copyright, cus cndigicert, cus lsan, dns resolutions, evasion ta0005, files, file type, get http, inc subject, number, pdf document, post http, resolved ips, sha256, shell, status url, stcalifornia, ta0002 defense, ta0004 defense, ta0009 command, tls rsa, verdict
- JARM: 3fd3fd20d3fd3fd21c41d41d000000d0255d76e2a23d86aaeea11a763e6393
- Country: United States
- Network:
- Noticed: 1 time
- Protocols Attacked: SSH
Open Ports Detected
10000 10001 10002 10004 10013 10017 10018 10020 10022 10023 10025 10049 10081 10205 10443 10477 1080 11000 11101 11112 11401 12000 12001 12016 12111 12329 12341 12345 12902 13000 14026 1414 1433 14407 1443 1444 14873 14894 14897 14900 14903 15040 15042 15044 1515 15443 16000 17000 17010 1723 18003 18008 18010 18062 18084 18098 18443 1883 189 190 19000 192 19443 19776 2000 20000 20001 2003 20082 20121 2083 2086 2087 21001 2323 2345 2443 2444 28443 3000 30001 30003 3001 30010 3008 30443 31210 3306 3443 400 4000 4080 43221 4343 443 4430 4433 444 4443 447 4899 5000 50003 5001 5003 5005 5006 5007 50070 5009 5010 5080 5090 5222 5443 5671 6000 6001 6006 6007 6010 6011 6020 6080 6081 6443 6503 6603 6666 6699 6998 7000 7001 7002 7005 7011 7015 7016 7018 7100 7283 7443 7777 7923 8000 8001 8002 8005 8009 8010 8011 8014 8015 8016 8017 8020 8023 8026 8029 8031 8040 8044 8055 8056 8060 8061 8081 8083 8085 8086 8087 8089 8090 8091 8098 8099 8100 8102 8104 8105 8109 8110 8112 8113 8114 8122 8123 8126 8129 8131 8132 8134 8159 8181 8183 8188 8190 8199 8200 8383 8384 8401 8442 8443 8444 8445 8446 8500 8503 8543 8600 8732 8787 8800 8802 8866 8880 8883 8888 8889 8899 8911 8912 8916 8935 8989 9000 9001 9002 9003 9004 9009 9011 9013 9026 9035 9037 9043 9047 9061 9066 9070 9074 9080 9082 9089 9090 9091 9092 9095 9098 9105 9115 9122 9191 92 9200 9236 9410 9443 9447 9501 9550 9800 9885 9916 9919 9922 9930 9939 9943 9944 9955 9977 9988 9991 9998 9999
Similar IP Addresses Detected
138.113.0.131 138.113.1.240 138.113.10.8 138.113.138.246 138.113.182.135 138.113.2.63 138.113.22.151 138.113.23.170 138.113.23.179 138.113.3.133
Whois Information
- NetRange: 138.113.0.0 - 138.113.255.255
- CIDR: 138.113.0.0/16
- NetName: METEVERSE-NETWORKS
- NetHandle: NET-138-113-0-0-1
- Parent: NET138 (NET-138-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Meteverse Limited. (ML-1432)
- RegDate: 2023-04-13
- Updated: 2023-04-13
- Ref: https://rdap.arin.net/registry/ip/138.113.0.0
- OrgName: Meteverse Limited.
- OrgId: ML-1432
- Address: 250 Consumers Road, 1108
- City: North York
- StateProv: ON
- PostalCode: M2J 4V6
- Country: CA
- RegDate: 2023-03-10
- Updated: 2023-04-14
- Comment: NOC hours are 9:00 AM to 6:00 PM EST
- Ref: https://rdap.arin.net/registry/entity/ML-1432
- OrgDNSHandle: TECHS233-ARIN
- OrgDNSName: Tech Support
- OrgDNSPhone: +1-310-975-9580
- OrgDNSEmail: tech_support@meteversecloud.com
- OrgDNSRef: https://rdap.arin.net/registry/entity/TECHS233-ARIN
- OrgRoutingHandle: TECHS233-ARIN
- OrgRoutingName: Tech Support
- OrgRoutingPhone: +1-310-975-9580
- OrgRoutingEmail: tech_support@meteversecloud.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/TECHS233-ARIN
- OrgNOCHandle: TECHS233-ARIN
- OrgNOCName: Tech Support
- OrgNOCPhone: +1-310-975-9580
- OrgNOCEmail: tech_support@meteversecloud.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/TECHS233-ARIN
- OrgTechHandle: TECHS233-ARIN
- OrgTechName: Tech Support
- OrgTechPhone: +1-310-975-9580
- OrgTechEmail: tech_support@meteversecloud.com
- OrgTechRef: https://rdap.arin.net/registry/entity/TECHS233-ARIN
- OrgAbuseHandle: ABUSE8687-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-310-975-9580
- OrgAbuseEmail: abuse@meteversecloud.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8687-ARIN
- NetRange: 138.113.128.0 - 138.113.128.255
- CIDR: 138.113.128.0/24
- NetName: METEVERSE
- NetHandle: NET-138-113-128-0-1
- Parent: METEVERSE-NETWORKS (NET-138-113-0-0-1)
- NetType: Reassigned
- OriginAS:
- Customer: Private Customer (C10995909)
- RegDate: 2024-10-23
- Updated: 2024-10-23
- Ref: https://rdap.arin.net/registry/ip/138.113.128.0
- CustName: Private Customer
- Address: Private Residence
- City: North Kansas
- StateProv: KS
- PostalCode: 66103
- Country: US
- RegDate: 2024-10-23
- Updated: 2024-10-23
- Ref: https://rdap.arin.net/registry/entity/C10995909