IP · Medium · Signal 56/100
119.59.124.163
Location
Bang Rak, Krung Thep Maha Nakhon
ASN
AS56067
Metrabyte Co., Ltd
First Seen
Sep 15, 2020
Last Seen
May 31, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Network Information
Country
Thailand
Region
Bang Rak, Krung Thep Maha Nakhon
ASN
AS56067
Organization
Metrabyte Co., Ltd
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
15 reports · 56% confidence
15
Source reports
56%
Confidence score
Activity Timeline
May 31
Threat Activity Heatmap
Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 56 (Medium Risk)
Signal Score: 56
Confidence: 56%
Reports: 15
First seen: Sep 15, 2020
Last seen: May 31, 2026
Geolocation: TH
Country: Thailand
Location: Bang Rak, Krung Thep Maha Nakhon
ASN: AS56067
Org: Metrabyte Co., Ltd
Coords: 13.7291, 100.5160
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- Strange Medical Facility with Overt Bad Actors already Spying on Disabled. Everything including bathroom is monitored. founderintech.com www.galbutfamilyfoundation.com wpengine.com https://foundry2sdbl.dvr.dn2.n-helix.com http://foundry2sdbl.dvr.dn2.n-helix.com pegasusthruster.com https://www.pegasusthruster.com/ smtp.pegasustech.net http://pegasusthruster.com/shoppegasus/includes/att
- raw
inetnum: 119.59.96.0 - 119.59.127.255
netname: METRABYTE-TH
descr: 18 Floor CAT Telecom Tower
descr: 72 Charoenkrung Road Bangrak Bangkok THAILAND 10501
country: TH
org: ORG-MC4-AP
admin-c: MC1395-AP
tech-c: MC1395-AP
abuse-c: AM2606-AP
status: ALLOCATED PORTABLE
remarks: Used for IPv4
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-METRABYTE-TH
mnt-routes: MAINT-METRABYTE-TH
mnt-irt: IRT-METRABYTE-TH
last-modified: 2020-07-07T14:15:15Z
source: APNIC

irt: IRT-METRABYTE-TH
address: 18 Floor CAT Telecom Tower 72 Charoenkrung Road Bangrak Bangkok THAILAND 10501
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: MC1395-AP
tech-c: MC1395-AP
auth: # Filtered
remarks: [email protected] was validated on 2026-03-10
remarks: [email protected] was validated on 2026-03-10
mnt-by: MAINT-METRABYTE-TH
last-modified: 2026-03-10T13:41:49Z
source: APNIC

organisation: ORG-MC4-AP
org-name: Metrabyte Co.,Ltd
org-type: LIR
country: TH
address: 453 Ladplacout Jorakhaebua
phone: +66-865673201
fax-no: +66-21054322
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:15:46Z
source: APNIC

role: ABUSE METRABYTETH
country: ZZ
address: 18 Floor CAT Telecom Tower 72 Charoenkrung Road Bangrak Bangkok THAILAND 10501
phone: +000000000
e-mail: [email protected]
admin-c: MC1395-AP
tech-c: MC1395-AP
nic-hdl: AM2606-AP
remarks: Generated from irt object IRT-METRABYTE-TH
remarks: [email protected] was validated on 2026-03-10
remarks: [email protected] was validated on 2026-03-10
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2026-03-10T13:41:54Z
source: APNIC

role: METRABYTE COLTD
address: 18 Floor CAT Telecom Tower 72 Charoenkrung Road Bangrak Bangkok THAILAND 10501
country: TH
phone: +6620263124
fax-no: +6629403279
e-mail: [email protected]
admin-c: MC1395-AP
tech-c: MC1395-AP
nic-hdl: MC1395-AP
mnt-by: MAINT-METRABYTE-TH
abuse-mailbox: [email protected]
last-modified: 2017-04-19T11:01:09Z
source: APNIC
IOC Journey
Medium · First detected 5 years ago · Last seen 21 days ago
Appeared in 15 threat reports