IP · Medium · Signal 0/100
165.160.13.20
Location
Washington, District of Columbia
ASN
AS19574
Corporation Service Company
First Seen
Apr 2, 2025
Last Seen
Jun 8, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network-layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Network Information
Country
United States
Region: Washington, District of Columbia
ASN: AS19574
Organization: Corporation Service Company
Feed Intelligence Summary
4 reports · 0% confidence
4
Source reports
0%
Confidence score
Category tags
indicator, network, researched
Activity Timeline
Jun 8 to Jun 8
Threat Activity Heatmap (calendar grid and Less/More legend omitted; the activity counts per window are kept below)
- 24h: 0 (Dormant)
- 7d: 1 (Minimal)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 4
First seen: Apr 2, 2025
Last seen: Jun 8, 2026
Geolocation: US
Country: United States
Location: Washington, District of Columbia
ASN: AS19574
Org: Corporation Service Company
Coords: 39.7358, -75.6657
VirusTotal
Not checked
WHOIS
- description
- Warning: Probably fake Windows Update Sigma Rule -- DONUTLOADER has been detected (YARA); Steals Growtopia credentials and data (YARA); cont. in notes; MEDUZA has been detected (YARA); XWORM has been detected (SURICATA); T1555.003 Credentials from Web Browsers (1) Steals credentials from Web Browsers; T1552.001 Credentials In Files (1) Steals credentials from Web Browsers; T1217 Browser Information Discovery (1) Steals credentials from Web Browsers; Warning 9 the rest in comments
- raw
- NetRange: 165.160.0.0 - 165.160.255.255
  CIDR: 165.160.0.0/16
  NetName: CSCNET
  NetHandle: NET-165-160-0-0-1
  Parent: NET165 (NET-165-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Corporation Service Company (CORPO-9-Z)
  RegDate: 1993-06-24
  Updated: 2021-12-14
  Ref: https://rdap.arin.net/registry/ip/165.160.0.0
  OrgName: Corporation Service Company
  OrgId: CORPO-9-Z
  Address: 251 Little Falls Drive
  City: Wilmington
  StateProv: DE
  PostalCode: 19808
  Country: US
  RegDate: 2008-01-11
  Updated: 2024-10-31
  Ref: https://rdap.arin.net/registry/entity/CORPO-9-Z
  OrgAbuseHandle: DOMAI486-ARIN
  OrgAbuseName: Domain Abuse
  OrgAbusePhone: +1-302-636-5400
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/DOMAI486-ARIN
  OrgTechHandle: ARINT19-ARIN
  OrgTechName: ArinTech
  OrgTechPhone: +1-302-636-5400
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/ARINT19-ARIN
  RTechHandle: ARINT19-ARIN
  RTechName: ArinTech
  RTechPhone: +1-302-636-5400
  RTechEmail: [email protected]
  RTechRef: https://rdap.arin.net/registry/entity/ARINT19-ARIN
- references
- https://www.virustotal.com/graph/gd1ff5768b2664e929321fbbba11cdf662fd75aef40384370ac36eebfca5a98ac, https://www.virustotal.com/graph/geceb9243e6394031b8147d11a4b06deac0e8040108274aed8fc1bd1caa97e50e, https://www.virustotal.com/graph/g421a86ac07464c738403156b4e8f3f73ecf609e03a2d46e9a7c44f3fef6d5dce, https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1, https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c, https://n0paste.eu/UH6n5pD/, cnbd.net | d1.cnbd.net | localhost.cnbd.net | mail.cnbd.net | siteinlink.d1.cnbd.net cnbd.net hghltd.yandex.net, Researched: http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead/, Researched: http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer/, https://www.anyxxxtube.net/search-porn/tsara-brashears/, Crowdsourced Sigma: Matches rule Potential Dead Drop Resolvers by Sorina Ionescu, X__Junior (Nextron Systems), Crowdsourced YARA: Matches rule Base64_Encoded_URL from ruleset Base64_Encoded_URL by InQuest Labs, Crowdsourced IDS: Matches rule PROTOCOL-ICMP Unusual PING detected, Crowdsourced IDS: Matches rule PROTOCOL-ICMP PING Windows, Crowdsourced IDS: Matches rule PROTOCOL-ICMP PING, Crowdsourced IDS: Matches rule PROTOCOL-ICMP Echo Reply, Yara Detections: Delphi, "Malware Behavior Catalog Tree: Anti-Behavioral Analysis OB0001 Debugger Detection B0001 Process Environment Block B0001.019 Dynamic Analysis Evasion B0003 Delayed Execution B0003.003, "Malware Behavior Catalog Tree: Anti-Static Analysis OB0002 Obfuscated Files or Information E1027 Encoding-Standard Algorithm E102, "Malware Behavior Catalog Tree : Defense Evasion OB0006 Obfuscated Files or Information E1027 Encoding-Standard Algorithm E1027.m02, "Malware Behavior Catalog Tree: Hidden Files and Directories F0005 Self Deletion F0007, "Malware Behavior Catalog Tree: Discovery OB0007 Analysis Tool Discovery B0013 Process detection B0013.001 System Information Discovery E1082 File and 
Directory Discovery E1083, "Malware Behavior Catalog Tree: Execution OB0009 Install Additional Program B0023 Command and Scripting Interpreter E1059, "Malware Behavior Catalog Tree: Analysis Tool Discovery F0005 Self Deletion F0007, "Malware Behavior Catalog Tree: Discovery OB0007 System Information Discovery B0013 Process detection B0013.001, "Malware Behavior Catalog Tree: Hidden Files and Directories E1082 File and Directory Discovery E1083, Malware Behavior Catalog Tree: Command and Scripting Interpreter OB0009 Install Additional Program B0023, "Dataset actions -System Property Lookups: IIWbemServices::Connect, "Dataset actions - System Property Lookups: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor, "Dataset actions - System Property Lookups: Execution OB0012 F0005 File System OC0001 Create File C0016 Create Directory C0046 Delete File C0047 Delete Directory C0048 Get File Attributes C0049 Read File C0051 Writes File C0052 Memory OC0002 Allocate Memory C0007 Change Memory Protection C0008 Process OC0003 Create Process C0017 Create Suspended Process C0017.003 Set Thread Local Storage Value C0041 Data OC0004 Encode Data C0026 XOR C0026.002 Checksum C0032 CRC32 C0032.001 Modulo C0058 Cryptography OC0005, Researched: d569ab9b9e89ebd9e2ff995bcd6509bc.virus, Apple Issues: apple-validsecure.serviceirc.com serviceirc.com http://apple-validsecure.serviceirc.com https://apple-validsecure.serviceirc.com, Apple Issues: checkapple.com http://www.checkapple.com/ https://bincc.xyz/bin-apple-music-1month-apple-tv-7days apple-marketing.com, Apple Issues: app-appleid.serveirc.com appleid-appleus.serveirc.com appleidapple.serveirc.com apples-uncek.serveirc.com, Apple Issues: http://www.apple-verifallert.serveirc.com/ http://www.appleid-lockid.serveirc.com/ http://www.appleid-seccure23.serveirc.com/, Apple Issues: http://www.appleid-secure20.serveirc.com/ http://www.appleid-secure22.serveirc.com/ serviceirc.com, Apple 
Issues: http://www.appleid-supporthelp.serveirc.com/ http://www.appleids-security.serveirc.com/, Apple Issues: URL https://bincc.xyz/bin-apple-music-1month-apple-tv-7days, Apple Issues: http://checkapple.com/home/item/131-iOs-%E0%B9%80%E0%B8%A1%E0%B8%B7%E0%B8%AD%E0%B8%87%E0%B8%9C%E0%B8%B9%E0%B9%89%E0%B8%94%E0%B8%B5-%E0%B8%9F%E0%B8%B1%E0%B8%99%E0%B8%98%E0%B8%87-iPhone-4-%E0%B8%9A%E0%B8%B2%E0%B8%87%E0%B8%81%E0%B8%A7%E0%B9%88%E0%B8%B2-Galaxy-S-2.htm, Apple Fraud Issues: 15.197.192.55 | IDS Detections: Hiloti Style GET to PHP with invalid terse MSIE headers W32/Bayrob Attempted Checkin 2, Apple Fraud Issues: 15.197.192.55 | IDS Detections: Terse HTTP 1.0 Request Possible Nivdort Worm.Mydoom Checkin User-Agent (explwer), Apple Fraud Issues: 15.197.192.55 | IDS Detections: Hiloti/Mufanom Downloader Checkin Win32.Sality-GR Checkin Backdoor.Win32.Shiz.ivr, Apple Fraud Issues: 15.197.192.55 | IDS Detections: Empty Checkin Upatre Retrieving encoded payload (Common Header Struct), Apple Fraud Issues: 15.197.192.55 | IDS Detections: Checkin Win32/Nivdort, Antivirus Detections: ALF:HeraklezEval:Ransom:Win32/CVE , ALF:HeraklezEval:Trojan:Win32/Salgorea!rfn , ALF:HeraklezEval:Trojan:Win32/Zombie.A, Antivirus Detections: ALF:Trojan:Win32/FormBook.F!MTB , Backdoor:Linux/Setag!rfn , Backdoor:Win32/Bifrose.IQ , Backdoor:Win32/Simda!rfn, Antivirus Detections: ALF:HeraklezEval:TrojanDownloader:HTML/Adodb!rfn , ALF:PUA:Win32/InstallMate.P , ALF:Trojan:Win32/Cassini_f9070846!ibt, "Malware Behavior Catalog Tree: File System OC0001 Create File C0016 Create Directory C0046 Delete File C0047 Delete Directory C0048, "Malware Behavior Catalog Tree: Get File Attributes C0049 Read File C0051 Writes File C0052 Memory OC0002 Allocate Memory C0007, "Malware Behavior Catalog Tree: Change Memory Protection C0008 Process OC0003 Create Process C0017, "Malware Behavior Catalog Tree: Suspended Process C0017.003 Set Thread Local Storage Value C0041 Data OC0004, "Malware Behavior Catalog Tree: Create 
00001807 Encode Data C0026 XOR C0026.002 Checksum C0032 CRC32 C0032.001, "Malware Behavior Catalog Tree: Modulo C0058 Cryptography OC0005 Generate Pseudo-random Sequence C0021, "Malware Behavior Catalog Tree: Communication OC0006 HTTP Communication C0002 Operating System OC0008 Registry, "Malware Behavior Catalog Tree: Registry Value C0036.006 Capabilities Data-Manipulation", "Malware Behavior Catalog Tree: C0036 Open Registry Key C0036.003 Create Registry Key C0036.004 Query, Capabilities Data: Manipulation Generate random numbers using the Delphi LCG Encode data using XOR Hash data with CRC32, Capabilities Data: Linking Link function at runtime on Windows Collection Get geographical location Targeting Identify system language via API, Capabilities Data: Executable Extract resource via kernel32 functions Contain a thread local storage (.tls) section Packaged as an Inno Setup installer, Capabilities Data: Anti-Analysis Reference analysis tools strings Internal (Internal) installer file limitation, Capabilities Data: Host-Interaction - Get file attributes Create process suspended Create process on Windows, Capabilities Data: Host-Interaction - Allocate or change RWX memory Accept command line arguments Set thread local storage value, Capabilities Data: Host-Interaction - Get system information on Windows Delete directory, Capabilities Data: Host-Interaction - Get thread local storage value Read file on Windows Write file on Windows, Capabilities Data: Host-Interaction - Get file size Query environment variable Get common file path, Capabilities Data: Host-Interaction - Query or enumerate registry value Delete file Create directory Shutdown system, Capabilities Data: Host-Interaction - Modify access privileges Check if file exists, http://hghltd.yandex.net/yandbtm?fmode=inject&url=http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer/, https://www.virustotal.com/graph/ga30c6413c45144b1a221e1aff89d0409388da1a555bc4109bbc3d1391bcab10f, 
https://www.virustotal.com/gui/collection/4f7b46232272af163094a112706688ee89392e3643071042468b87b3f6cd49d6/graph, https://www.virustotal.com/gui/collection/4f7b46232272af163094a112706688ee89392e3643071042468b87b3f6cd49d6/iocs, https://viz.greynoise.io/analysis/9d0c02d0-24a8-4624-bbd7-cc7335f0a438, https://myurologyclinic.com/ret/GU7oiR/[email protected]?toWww=1&redig=AA6137947E9541C0A0DB667324AA394E (moved), https://attack.mitre.org/techniques/T1568/002/, http://www.junefabrics.com/android/activate.php, Backdoor.PcClient, https://myaccount.uscis.gov/ • Immigration (DHS) Login •, https://otx.alienvault.com/indicator/url/https://myaccount.uscis.gov/, https://otx.alienvault.com/indicator/file/e1bac17d00f49b033b745ebede6561a5d4f5ef573831f9a941797b5ea8894331, High Priority IP’s Contacted • network_irc nolookup_communication • network_cnc_http • network_http p2p_cnc • MethCallEngine, Huawei Remote Command Execution - Outbound (CVE-2017-17215) • dead_host • network_icmp • osquery_detection, Mirai Variant Checkin Response • D-LINK Router DSL-2750B RCE M2 - Outbound (metasploit version) • Domains Contacted ntp.ubuntu.com, Yara Detections: GlassesCode, http://mobile.suddenlink2go.com/, https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3, https://applemusic-spotlight.myunidays.com/US/en-US?, https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian, myhughesnet.com, dishmail.net, home.toshiba.com, ytq2rs56.haogfw.com, pornhub.com, http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI, http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ, monitor.cablelan.net, 
https://monitor.rodgersmith.com, https://www.everycloudtech.com/free-mail-flow-monitor, https://metro-tmo.com/, Hybrid Analysis, Alienvault OTX, Data Analysis
IOC Journey
medium · First detected 1 year ago · Last seen 5 days ago
Appeared in 4 threat reports