1.3.6.1 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 1.3.6.1 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: China
Network: ASNone
Noticed: 1 time
Countries Attacked: Canada, Israel, United States of America
Tor Node: No

MITRE ATT&CK TTPs

T1010 - Application Window Discovery
T1012 - Query Registry
T1018 - Remote System Discovery
T1027 - Obfuscated Files or Information
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1095 - Non-Application Layer Protocol
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1120 - Peripheral Device Discovery
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1204 - User Execution
T1218 - Signed Binary Proxy Execution
T1486 - Data Encrypted for Impact
T1497 - Virtualization/Sandbox Evasion
T1518 - Software Discovery
T1546 - Event Triggered Execution
T1548 - Abuse Elevation Control Mechanism
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1566 - Phishing
T1571 - Non-Standard Port
T1573 - Encrypted Channel

Attack Log References

Whois Information

inetnum: 1.3.0.0 - 1.3.255.255 netname: CHINANET-GD descr: CHINANET Guangdong province network descr: Data Communication Division descr: China Telecom country: CN admin-c: CH93-AP tech-c: IC83-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE notify: abuse_gdnoc@189.cn mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-GD mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:06:26Z irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: anti-spam@chinatelecom.cn abuse-mailbox: anti-spam@chinatelecom.cn admin-c: CH93-AP tech-c: CH93-AP mnt-by: MAINT-CHINANET last-modified: 2022-02-14T07:13:12Z role: ABUSE CHINANETCN address: No.31 ,jingrong street,beijing address: 100032 country: ZZ phone: +000000000 e-mail: anti-spam@chinatelecom.cn admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP abuse-mailbox: anti-spam@chinatelecom.cn mnt-by: APNIC-ABUSE last-modified: 2022-02-14T07:14:09Z person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: anti-spam@chinatelecom.cn address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z person: IPMASTER CHINANET-GD nic-hdl: IC83-AP e-mail: abuse_gdicnoc@163.com address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU phone: +86-20-87189274 fax-no: +86-20-87189274 country: CN mnt-by: MAINT-CHINANET-GD abuse-mailbox: abuse_gdicnoc@163.com last-modified: 2021-05-12T09:06:58Z