103.120.80.159 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 103.120.80.159. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, the frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1035 - Service Execution, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1090 - Proxy, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1173 - Dynamic Data Exchange, T1176 - Browser Extensions, T1179 - Hooking, T1210 - Exploitation of Remote Services, T1410 - Network Traffic Capture or Redirection, T1423 - Network Service Scanning, T1427 - Attack PC via USB Connection, T1445 - Abuse of iOS Enterprise App Signing Key, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1450 - Exploit SS7 to Track Device Location, T1453 - Abuse Accessibility Features, T1472 - Generate Fraudulent Advertising Revenue, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, TA0004 - Privilege Escalation

  • Tags: (tag list omitted)

  • Country: Hong Kong
  • Network:
  • Noticed: 18 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Netherlands, Spain, United States of America
  • Passive DNS Results: (domain list omitted)

Malware Detected on Host

Count: 1 600b825c851ec0d231346e5b41f35d54da75f329bacc096af1b50069539e4904

Whois Information

  • inetnum: 103.120.80.0 - 103.120.81.255
  • netname: WIP
  • descr: WEST263 INTERNATIONAL LIMITED
  • country: HK
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • abuse-c: AW1022-AP
  • status: ASSIGNED NON-PORTABLE
  • mnt-by: MAINT-WEST263GO-HK
  • mnt-irt: IRT-WEST263GO-HK1
  • last-modified: 2021-04-21T01:22:25Z
  • irt: IRT-WEST263GO-HK1
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • e-mail: westabuse.noc@gmail.com
  • abuse-mailbox: westabuse.noc@gmail.com
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2024-08-28T13:11:13Z
  • role: ABUSE WEST263GOHK1
  • country: ZZ
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • phone: +000000000
  • e-mail: westabuse.noc@gmail.com
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • nic-hdl: AW1022-AP
  • abuse-mailbox: westabuse.noc@gmail.com
  • mnt-by: APNIC-ABUSE
  • last-modified: 2024-08-28T13:14:15Z
  • role: West263 International Limited administrator
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • country: HK
  • phone: +15708412741
  • fax-no: +15708412741
  • e-mail: abuse@hkdns.hk
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • nic-hdl: WILA3-AP
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2018-12-03T15:18:11Z
  • person: David Yanping
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • country: HK
  • phone: +852-35979075
  • e-mail: david.yanp@gmail.com
  • nic-hdl: DY1085-AP
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2019-04-29T06:51:07Z
  • route: 103.120.80.0/24
  • origin: AS139021
  • descr: West263 International Limited
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2025-04-23T02:18:34Z
