IP · Medium · Signal 43/100
160.30.208.11
Location
Singapore, North West
ASN
AS965
Namecrane LLC
First Seen
Dec 18, 2024
Last Seen
Apr 28, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
43%
Signal Score
43 / 100
IDS Rule
No
Network Information
Country
Singapore
Region
Singapore, North West
ASN
AS965
Organization
Namecrane LLC
Feed Intelligence Summary
15
Source reports
43%
Confidence score
Activity Timeline
Threat Activity Heatmap (peak: 2026-04-28)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Coords
42.9134, -85.7053
VirusTotal
Not checked
WHOIS
NetRange: 160.21.0.0 - 160.30.255.255
CIDR: 160.21.0.0/16, 160.28.0.0/15, 160.22.0.0/15, 160.30.0.0/16, 160.24.0.0/14
NetName: APNIC
NetHandle: NET-160-21-0-0-1
Parent: NET160 (NET-160-0-0-0-0)
NetType: Early Registrations, Transferred to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2017-09-05
Updated: 2017-09-05
Ref: https://rdap.arin.net/registry/ip/160.21.0.0

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC

ReferralServer: whois://whois.apnic.net
ResourceLink: http://wq.apnic.net/whois-search/static/search.html

OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
IOC Journey
medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports