138.59.18.110 Threat Intelligence and Host Information

Share on:
Mar 17, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 138.59.18.110 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 90/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1056.001 - Keylogging, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1114 - Email Collection, T1176 - Browser Extensions, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1566 - Phishing, T1571 - Non-Standard Port, T1573.002 - Asymmetric Cryptography, T1573 - Encrypted Channel, TA0011 - Command and Control
  • Tags: acint, agent, agent tesla, agenttesla, alexa, alexa top, all octoseek, all search, anlise, anonymizers, appdata, apple, apple ios, artemis, as141773, as15169 google, as17506 arteria, as17806 mango, as19969, as32244 liquid, as49505, as61317, as62744, as63932, ascii text, asnone united, asyncrat, attack, authority, azorult, backdoor, bank, banker, bazaloader, bazarloader, beginstring, bitminer, blacklist, blacklist http, blacklist https, bladabindi, blockchain, body, bradesco, brian sabey, catalog file, cisco umbrella, ck id, class, cleaner, click, cobalt strike, collection, communicating, conduit, contacted, contacted urls, core, covid19, crack, critical, cry kill, cve201711882, cyber security, cyberstalking, cyber threat, cymulate2, dangeroussig, dapato, date, detection list, detplock, dllinject, domain, done adding, downldr, download, downloader, driverpack, dropped, dropper, dumping, emotet, encpk, encrypt, engineering, entries, error, et tor, exit, expired, facebook, fakeinstaller, falcon, fali contacted, fali malicious, file, files, filetour, formbook, fusioncore, general, generator, generic, generic malware, gmt content, gmt contenttype, hacking, hacktool, hallrender.com, heur, hostname, http, hybrid, iframe, immediate, indicator, installcore, installer, installpack, internet storm, iobit, ioc, ip address, ip summary, ipv4, japan unknown, keep alive, keylogger, known tor, kraddare, kyriazhs1975, loadmoney, local, lockbit, look, malicious, malicious site, maltiverse, malvertizing, malware, malware norad, malware site, mark sabey, media, mediaget, meta, meterpreter, million, miner, mirai, misc attack, mitre att, monitoring, moved, msil, name verdict, nanocore, nanocore rat, netwire rc, networm, next, Nextray, njrat, node traffic, noname057, null, open, otx octoseek, outbreak, passive dns, pattern match, paypal, phish, phishing, phishing site, phishtank, png image, pony, predator, presenoker, proxy avoidance, pulse as16509, pulse pulses, qakbot, qbot, quasar, raccoon, ransom, ransomexx, ransomware, redline, redline stealer, referrer, refresh, related nids, relayrouter, remcos, response, restart, riskware, root ca, rostpay, runescape, russia unknown, safe site, sample, samples, scan endpoints, script, search, service, silk road, site, smokeloader, softonic, span, spyrixkeylogger, spyware, ssl certificate, stealer, strings, summary, suppobox, swrort, systweak, tag count, team, threat, threat report, tools, tor, trojan, trojanspy, tsara brashears, Tsara brashears, twitter, type, union, united, unknown, unsafe, url http, urls, url summary, verify, vidar, wacatac, whois record, whois whois, win32, win64, windows nt, xcnfe

  • Known tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, botscout_30d, botscout_7d, dm_tor, et_tor, sblam, snort_ipfilter, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, talosintel_ipfilter, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Costa Rica
  • Network: AS52423 data miners s.a
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Bangladesh, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Malaysia, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 50 fc258acd9fd8f554820c2ea948ce6acef0720f5735c1955ac9f57f148a789c0d 2f08e286158ac76e677f30ceaae69cc2e828f68d03708de6a51e8e3f49890161 7981c7b1d9c627c31a3fd3733e9f98c2d34ed58f86990f67d797bdf73fbdaddf beffac69805c6c9136a97617c62cf3022a3f896744357eb1259a9150918cacef 785d03ce5e5fea01a3d7036aad6e199b3db44fb6045b881749f2121af2a0cdeb 241e08b066aa9fd175b30eabde8a554cb0f0402dd7296ac1b533ff7ba8cd0426 b8c745ac2f4eda8ced40eda3b91de1f23c587b8d3c32997d4420f515f74c6e15 6aef9d4d60f1ae51cc009b417028935c4b014f1a84794f258bdd764b01ed14e1 c0b501fc2688e4db6043744d1a35fe12817138a7eb8ab6a67ecaf967ad06b089 93d33ab8608341e8ddbf8e2ffd6017cb0abed060cf512622146208b8632fa60d

Open Ports Detected

443

Map

Whois Information

  • NetRange: 138.59.0.0 - 138.59.255.255
  • CIDR: 138.59.0.0/16
  • NetName: LACNIC-ERX-138-59-0-0
  • NetHandle: NET-138-59-0-0-1
  • Parent: NET138 (NET-138-0-0-0-0)
  • NetType: Transferred to LACNIC
  • OriginAS:
  • Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
  • RegDate: 2010-11-19
  • Updated: 2010-11-19
  • Comment: This IP address range is under LACNIC responsibility
  • Comment: for further allocations to users in LACNIC region.
  • Comment: Please see http://www.lacnic.net/ for further details,
  • Ref: https://rdap.arin.net/registry/ip/138.59.0.0
  • OrgName: Latin American and Caribbean IP address Regional Registry
  • OrgId: LACNIC
  • Address: Rambla Republica de Mexico 6125
  • City: Montevideo
  • StateProv:
  • PostalCode: 11400
  • Country: UY
  • RegDate: 2002-07-27
  • Updated: 2018-03-15
  • Ref: https://rdap.arin.net/registry/entity/LACNIC
  • OrgAbuseHandle: LWI100-ARIN
  • OrgAbuseName: LACNIC Whois Info
  • OrgAbusePhone: +598-2604-2222
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
  • OrgTechHandle: LACNIC-ARIN
  • OrgTechName: LACNIC Whois Info
  • OrgTechPhone: +598-2604-2222
  • OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN

Links to attack logs

bruteforce-ip-list-2020-11-18 ** ** **