148.66.137.120 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 148.66.137.120 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which take into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001 - Data Obfuscation, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1190 - Exploit Public-Facing Application, T1210 - Exploitation of Remote Services, T1211 - Exploitation for Defense Evasion, T1412 - Capture SMS Messages, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1450 - Exploit SS7 to Track Device Location, T1454 - Malicious SMS Message, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1498 - Network Denial of Service, TA0011 - Command and Control, TA0029 - Privilege Escalation

  • Tags:

  • JARM: 2ad2ad16d2ad2ad0002ad2ad2ad2ad783c15df386a8f7b030295f1ff4c2373


Malware Detected on Host

Count: 21

Open Ports Detected

110 2077 2082 21 22 3306 443 587 80 993 995

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-20012 CVE-2016-3115 CVE-2017-15906 CVE-2018-15473 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-15778 CVE-2021-36368 CVE-2023-38408 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 CVE-2023-51767

Whois Information

  • NetRange: 148.66.128.0 - 148.66.159.255
  • CIDR: 148.66.128.0/19
  • NetName: APNIC
  • NetHandle: NET-148-66-128-0-1
  • Parent: NET148 (NET-148-0-0-0-0)
  • NetType: Early Registrations, Transferred to APNIC
  • OriginAS:
  • Organization: Asia Pacific Network Information Centre (APNIC)
  • RegDate: 2016-08-18
  • Updated: 2016-08-18
  • Ref: https://rdap.arin.net/registry/ip/148.66.128.0
  • OrgName: Asia Pacific Network Information Centre
  • OrgId: APNIC
  • Address: PO Box 3646
  • City: South Brisbane
  • StateProv: QLD
  • PostalCode: 4101
  • Country: AU
  • RegDate:
  • Updated: 2012-01-24
  • Ref: https://rdap.arin.net/registry/entity/APNIC
  • OrgTechHandle: AWC12-ARIN
  • OrgTechName: APNIC Whois Contact
  • OrgTechPhone: +61 7 3858 3188
  • OrgTechEmail: search-apnic-not-arin@apnic.net
  • OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • OrgAbuseHandle: AWC12-ARIN
  • OrgAbuseName: APNIC Whois Contact
  • OrgAbusePhone: +61 7 3858 3188
  • OrgAbuseEmail: search-apnic-not-arin@apnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • inetnum: 148.66.128.0 - 148.66.159.255
  • netname: GODADDY-NET-SG
  • descr: Godaddy.com
  • country: SG
  • org: ORG-GA30-AP
  • admin-c: GNA32-AP
  • tech-c: GNA32-AP
  • abuse-c: AG713-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: APNIC-HM
  • mnt-lower: MAINT-GODADDY-NET-SG
  • mnt-routes: MAINT-GODADDY-NET-SG
  • mnt-irt: IRT-GODADDY-NET-SG
  • last-modified: 2020-05-18T23:16:40Z
  • irt: IRT-GODADDY-NET-SG
  • e-mail: abuse@godaddy.com
  • abuse-mailbox: abuse@godaddy.com
  • admin-c: GNA32-AP
  • tech-c: GNA32-AP
  • mnt-by: MAINT-GODADDY-NET-SG
  • last-modified: 2023-10-31T18:18:14Z
  • organisation: ORG-GA30-AP
  • org-name: Godaddy.com
  • org-type: LIR
  • country: SG
  • phone: +011-1-480-284-9138
  • fax-no: +011-1-480-505-8800
  • e-mail: noc@godaddy.com
  • mnt-ref: APNIC-HM
  • mnt-by: APNIC-HM
  • last-modified: 2023-09-05T02:15:38Z
  • role: ABUSE GODADDYNETSG
  • country: ZZ
  • phone: +000000000
  • e-mail: abuse@godaddy.com
  • admin-c: GNA32-AP
  • tech-c: GNA32-AP
  • nic-hdl: AG713-AP
  • abuse-mailbox: abuse@godaddy.com
  • mnt-by: APNIC-ABUSE
  • last-modified: 2023-10-31T18:18:54Z
  • role: GODADDYCOM - network administrator
  • country: SG
  • phone: +011-1-480-505-8800
  • e-mail: noc@godaddy.com
  • admin-c: GNA32-AP
  • tech-c: GNA32-AP
  • nic-hdl: GNA32-AP
  • mnt-by: MAINT-GODADDY-NET-SG
  • last-modified: 2016-04-26T06:49:47Z
  • route: 148.66.137.0/24
  • origin: AS26496
  • descr: Godaddy.com
  • mnt-by: MAINT-GODADDY-NET-SG
  • last-modified: 2023-10-31T18:27:43Z
