103.120.80.164 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 103.120.80.164. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 57/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1035 - Service Execution, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1090 - Proxy, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1173 - Dynamic Data Exchange, T1176 - Browser Extensions, T1179 - Hooking, T1210 - Exploitation of Remote Services, T1410 - Network Traffic Capture or Redirection, T1423 - Network Service Scanning, T1427 - Attack PC via USB Connection, T1445 - Abuse of iOS Enterprise App Signing Key, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1450 - Exploit SS7 to Track Device Location, T1453 - Abuse Accessibility Features, T1472 - Generate Fraudulent Advertising Revenue, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, TA0004 - Privilege Escalation

  • Country: Hong Kong
  • Network:
  • Noticed: 15 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Netherlands, Spain, United States of America

Open Ports Detected

80

Whois Information

  • inetnum: 103.120.80.0 - 103.120.81.255
  • netname: WIP
  • descr: WEST263 INTERNATIONAL LIMITED
  • country: HK
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • abuse-c: AW1022-AP
  • status: ASSIGNED NON-PORTABLE
  • mnt-by: MAINT-WEST263GO-HK
  • mnt-irt: IRT-WEST263GO-HK1
  • last-modified: 2021-04-21T01:22:25Z

  • irt: IRT-WEST263GO-HK1
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • e-mail: westabuse.noc@gmail.com
  • abuse-mailbox: westabuse.noc@gmail.com
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2024-08-28T13:11:13Z

  • role: ABUSE WEST263GOHK1
  • country: ZZ
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • phone: +000000000
  • e-mail: westabuse.noc@gmail.com
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • nic-hdl: AW1022-AP
  • abuse-mailbox: westabuse.noc@gmail.com
  • mnt-by: APNIC-ABUSE
  • last-modified: 2024-08-28T13:14:15Z

  • role: West263 International Limited administrator
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • country: HK
  • phone: +15708412741
  • fax-no: +15708412741
  • e-mail: abuse@hkdns.hk
  • admin-c: WILA3-AP
  • tech-c: DY1085-AP
  • nic-hdl: WILA3-AP
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2018-12-03T15:18:11Z

  • person: David Yanping
  • address: 12/F,, San Toi Building,, 137-139 Connaught Road Central, Hong Kong,, Hong Kong Hong Kong 999077
  • country: HK
  • phone: +852-35979075
  • e-mail: david.yanp@gmail.com
  • nic-hdl: DY1085-AP
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2019-04-29T06:51:07Z

  • route: 103.120.80.0/24
  • origin: AS139021
  • descr: West263 International Limited
  • mnt-by: MAINT-WEST263GO-HK
  • last-modified: 2025-04-23T02:18:34Z
