103.117.138.5 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, cowrie, cyber security, ioc, malicious, phishing, ssh
  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network: AS136146 beijing 3389 network technology co. ltd.
  • Noticed: 14 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: btb503.com, btb355.com

Malware Detected on Host

Count: 2 5cb0bdf600c5bb11ad534904caea1f1dc79255a7b7fcd158bea58617ebdcf2b5 5cb0bdf600c5bb11ad534904caea1f1dc79255a7b7fcd158bea58617ebdcf2b5

Open Ports Detected

3389

Whois Information

  • inetnum: 103.117.138.0 - 103.117.138.255
  • netname: NNTCL-CN
  • descr: nates
  • country: HK
  • admin-c: NW351-AP
  • tech-c: NW351-AP
  • abuse-c: AN838-AP
  • status: ALLOCATED NON-PORTABLE
  • mnt-by: MAINT-NNTCL-CN
  • mnt-irt: IRT-NNTCL-CN
  • last-modified: 2021-01-12T20:29:52Z
  • irt: IRT-NNTCL-CN
  • address: HONG KONG YOUMALU
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: NW351-AP
  • tech-c: NW351-AP
  • mnt-by: MAINT-NNTCL-CN
  • last-modified: 2023-03-02T01:31:59Z
  • role: ABUSE NNTCLCN
  • address: HONG KONG YOUMALU
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: NW351-AP
  • tech-c: NW351-AP
  • nic-hdl: AN838-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2023-03-02T01:32:56Z
  • person: NAHE WANG
  • address: HONGKONG MAYOUJIE LU
  • country: HK
  • phone: +852 -23759876
  • e-mail: [email protected]
  • nic-hdl: NW351-AP
  • mnt-by: MAINT-NNTCL-CN
  • last-modified: 2018-12-17T03:36:48Z

Links to attack logs

vultrparis-ssh-bruteforce-ip-list-2022-12-30