1.2.169.49 Threat Intelligence and Host Information

Aug 19, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 1.2.169.49 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1053 - Scheduled Task/Job, T1055 - Process Injection, T1082 - System Information Discovery, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window

  • Tags: aaaa, actors, admin cmd, age86400 set, alibaba cloud, all scoreblue, ans core, as1321, as14627, as15169 google, as20940, as2914 ntt, as33438, as44273 host, as46691, as6461 zayo, as701 orgnocref, bad domains, beijing, body, cachecontrol, cape, china telecom, cloudflarenet, code, comcast, computing, cookie, copy, created, creation date, csc corporate, cve1102, cyber, date, date thu, delete, dns query, dock, domain, domains, dynadot, email, emotet, emotet am, emotet malware, entries, execution, filehash, first, glupteba, gmo internet, gmt server, google, graph community, group, high, historical ssl, hostname, hostnames, hungary unknown, icmp traffic, ie script, installer, intel, investigation, iocs, ip country, ipv4, i span, jid1886833764, jid882556742, june, kb txtresse, levelblue labs, location https, loudoun county, ltd dba, malware, mb gadget, mb history, mb smartsaver, mb threatsniper, media center, medium, meta, method status, modified, months ago, msie, name servers, nastya, net152, net1520000, nethandle, next, nxdomain, object, open, parkway city, passive dns, path max, port, pulse pulses, pulses, read, read c, referrer, samples, scan endpoints, script domains, script script, script urls, search, show, showing, slcc2, slfrd1, span, status, styes worm, submitters, summary iocs, swipper, trojan, type get, uagdaaeqcqaaaag, ukgbagaqcq, ukgbagaqcqaaaae, united, united kingdom, unknown, url hostname, urls, urls http, utc submissions, ve234 server, verizon, vj92, webcc, whitelisted, win32, win64, windows nt, wow64, write

  • View other sources: Spamhaus VirusTotal

  • Country: Thailand
  • Network:
  • Noticed: 5 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 3 c36cb4000691fc4e33014c21f831de331bded72b7d980654d29bc56cdef83717 0c74b6ce15d8cf2370e1f533b7cbd7b9e68c70e95c88ae04893b35f4a15a34de 2a3f7f441f869fa7b3de642b075c2ca3cd9678e52731face6908eb9f78b99c22

Map

Whois Information

  • inetnum: 1.2.128.0 - 1.2.191.255
  • netname: TOTNET
  • descr: Dynamic IP Address for residential Broadband Customers
  • country: TH
  • admin-c: AG100-AP
  • tech-c: AG100-AP
  • abuse-c: AT950-AP
  • status: ASSIGNED NON-PORTABLE
  • mnt-by: MAINT-TH-TOT
  • mnt-lower: MAINT-TH-TOT
  • mnt-routes: MAINT-TH-TOT
  • mnt-routes: MAINT-TH-TOT-ISP
  • mnt-irt: IRT-TOT-TH
  • last-modified: 2021-01-27T13:29:39Z
  • irt: IRT-TOT-TH
  • address: TOT Public Company Limited
  • address: 89/2 Moo 3 Chaengwattana Rd, Laksi,Bangkok 10210 THAILAND
  • e-mail: apipolg@nt.ntplc.co.th
  • abuse-mailbox: abuse@totisp.net
  • admin-c: ira3-ap
  • tech-c: ira3-ap
  • mnt-by: MAINT-TH-TOT
  • last-modified: 2025-06-06T07:36:42Z
  • role: ABUSE TOTTH
  • country: ZZ
  • address: TOT Public Company Limited
  • address: 89/2 Moo 3 Chaengwattana Rd, Laksi,Bangkok 10210 THAILAND
  • phone: +000000000
  • e-mail: apipolg@nt.ntplc.co.th
  • admin-c: ira3-ap
  • tech-c: ira3-ap
  • nic-hdl: AT950-AP
  • abuse-mailbox: abuse@totisp.net
  • mnt-by: APNIC-ABUSE
  • last-modified: 2025-06-06T07:36:58Z
  • person: Apipol Gunabhibal
  • nic-hdl: AG100-AP
  • e-mail: abuse@totidc.net
  • address: TOT Public Company Limited
  • address: 89/2 Moo 3 Chaengwattana Rd, Laksi, Bangkok 10210 THAILAND
  • phone: +66-2574-9178
  • country: TH
  • mnt-by: MAINT-TH-TOT
  • last-modified: 2022-08-29T04:23:40Z
  • route: 1.2.160.0/19
  • descr: TOT Public Company Limited
  • origin: AS23969
  • mnt-by: MAINT-TH-TOT
  • last-modified: 2012-03-13T04:06:02Z

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2023-03-30 dotoronto-ssh-bruteforce-ip-list-2023-04-01 ****** awsau-telnet-bruteforce-ip-list-2021-09-10 anonymous-proxy-ip-list-2024-12-26 digitaloceansingapore-ssh-bruteforce-ip-list-2023-12-23 bruteforce-ip-list-2023-10-29 anonymous-proxy-ip-list-2023-07-16 dofrank-telnet-bruteforce-ip-list-2021-09-25 anonymous-proxy-ip-list-2023-06-22 ****** vultrmadrid-ssh-bruteforce-ip-list-2023-03-31 ******

Share on: