106.11.172.9 Threat Intelligence and Host Information

Jan 11, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 106.11.172.9 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Mitre ATT&CK IDs: T1059 - Command and Scripting Interpreter

  • Tags: 0x104, 0x11a, 0x12b, 0x14a, 0x14e, 0x228, 0x97, 0xc6, 0xe1, 0xf5, aafunction, afunction, android, april, array, array int8array, b1342177279, bad event, bad idp, child, class, closure library, cnzzdata, copyright, crios, customevent, czuuid, dafunction, date, edge, element, embed, error, fafafa, function, gc, gc3w7t6h5qw, gtmmdcvhgd, home wifi, ienew ca, iframe, internal, invalid attempt, kafunction, kfunction, kkfunction, lh, meta, mit license, most, nkfunction, node, null, number, object, overlaylevel, p420, path, pseudo, public, qkfunction, quota, reduceright, regexp, rkfunction, sdkversion, skfunction, span, string, swiper, sxa0, symbol, template, this, trackevent, trackpageview, trident, typeerror, typeof, typeof b, typeof d, typeof define, typeof e, typeof enulle, typeof n, typeof r, typeof symbol, typeof t, ufunction, uint8array, umdistinctid, vd, version, void, win32, xlfunction, zdhxiong

  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network: AS37963 hangzhou alibaba advertising co. ltd.
  • Noticed: 25 times
  • Protcols Attacked: SSH
  • Passive DNS Results: 3modi.com aiis.tech aiis.love guru55.xyz fydch.com xn–8mrq2kk1b82dyt3ckdm.site hi-pwc.online chenglong.fun xingjihao.com zhjy2567.xyz gzklovezxp.xyz hfgj2008.top 78su.com dccam.xyz gzyzqt.top samsamgiftshop.com zyj511223.top viptbsc.com 1688tbsc.xyz hfgj2016.top xzw.life timnuoo.com qqqdg.com ibkr1978.com imtoken2016.us xggj2012.top 1688tbsc.shop xggj2012.us ibkr1978.xyz auth.o9q.cn 002243.com tvka.cn ynding.fun alibaba-tam.com aliyun-ltd.com www.junnp03.xyz www.95bok.cn ht0428.xmcm168.com m.xmcm168.com www.misaya.ltd kdai.net fuliyun.net appjun.com denglijunying.top aliyunk.top lengqie.live dgaddr.com yx3z.net huijiadizhi.xyz zhazham2.com www.zhazham2.com aliyun.com ynuf.alipay.com

Malware Detected on Host

Count: 1 f91b1240233cba0e1f3394795b1e42bb48a06624cf337e3c8024aff3b8637a80

Open Ports Detected

10000 10001 1012 10134 102 1023 1024 10243 1025 10250 104 10443 10554 10909 10911 1099 11 110 11000 111 11112 11210 11211 113 11300 11371 1177 119 1200 12000 1234 12345 13 1311 1337 13579 139 14147 14265 143 1433 14344 1471 1494 15 1521 1599 16030 1604 1660 16992 16993 17 1723 1741 175 179 1800 1801 18081 1820 18245 1883 19 19000 19071 1911 1925 1926 1935 195 1962 199 2000 20000 2002 2003 2006 2008 2020 20256 2053 20547 2065 2067 2081 2082 2083 2086 2087 21 21025 2111 2154 221 2222 2232 23 23023 2323 2332 2333 23424 2345 2375 2376 2404 2455 2480 25 25001 25105 2549 2551 25565 2566 26 2601 2628 264 27015 27017 2761 2762 28015 28017 30002 30003 3001 3050 3052 3060 3073 3087 3091 3092 3093 3101 311 3128 31337 32400 3260 3268 3269 32764 3299 3301 3306 33060 3310 3388 3389 3402 35000 3521 3541 3560 3561 3570 3689 3690 37 3749 37777 3780 3790 3791 389 3952 4000 4022 4040 4063 4064 4157 41800 427 4282 43 4321 4369 44158 443 4433 444 4443 4444 448 44818 450 4500 4505 4506 4545 4567 465 4664 4700 4782 4840 4848 4899 49 4911 49152 4949 5000 50000 5001 5003 5005 50050 5006 5007 50070 5009 5010 50100 502 5025 503 51106 51235 515 5172 5201 5222 5269 52869 53 5400 54138 5432 5494 55000 554 55442 55443 555 5555 55553 55554 5590 5601 5602 5605 5672 5800 5801 5858 587 58749 5900 5910 593 5938 5984 5985 5986 60001 6001 60010 6002 60030 6004 60129 61613 61616 62078 636 6379 6443 6510 6590 6622 6633 6653 666 6666 6667 6668 6697 70 7001 7071 7081 7090 7170 7171 7218 7415 7433 7434 7443 7445 7474 7535 7547 7548 7634 7657 7676 771 7777 7779 789 7989 80 8001 8008 8009 8010 8013 8016 8028 8034 8051 8055 8060 8080 8081 8082 8083 8085 8086 8087 8088 8089 8090 8098 8099 81 8100 8105 8123 8126 8139 8181 82 8200 8241 8291 8333 8334 8383 84 8401 8405 8409 8443 8444 8448 8500 8545 8554 8602 8622 8649 8728 873 8821 8825 8834 8846 8865 8880 8888 8889 8993 9000 9001 9017 902 9036 9042 9045 9051 9089 9090 9091 9092 9095 9100 9119 9151 9160 9191 9200 9203 9210 9215 9216 9221 9295 9306 9389 9418 9443 95 9530 9600 9633 9663 9761 9765 9800 9861 9869 9876 9899 992 993 9943 9944 9993 9994 9998 9999

CVEs Detected

CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10002 CVE-2016-10003 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-10735 CVE-2016-1908 CVE-2016-20012 CVE-2016-2390 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 CVE-2017-15906 CVE-2018-14040 CVE-2018-14042 CVE-2018-15473 CVE-2018-15919 CVE-2018-19131 CVE-2018-19132 CVE-2018-20676 CVE-2018-20677 CVE-2018-20685 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12522 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2019-8331 CVE-2020-11945 CVE-2020-14058 CVE-2020-14145 CVE-2020-15049 CVE-2020-15778 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 CVE-2020-25097 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 CVE-2021-28116 CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 CVE-2021-36368 CVE-2021-41617 CVE-2021-46784 CVE-2022-41318 CVE-2023-38408 CVE-2023-46724 CVE-2023-46728 CVE-2023-46846 CVE-2023-46847 CVE-2023-48795 CVE-2023-49285 CVE-2023-49286 CVE-2023-49288 CVE-2023-50269 CVE-2023-51384 CVE-2023-51385 CVE-2023-5824

Map

Whois Information

  • inetnum: 106.11.0.0 - 106.11.255.255
  • netname: Taobao
  • descr: Zhejiang Taobao Network Co.,Ltd
  • descr: 2nd floor, Westlake International technology Building
  • descr: 391Wener Road, Hangzhou, China
  • country: CN
  • admin-c: ZM678-AP
  • tech-c: ZM877-AP
  • tech-c: ZM876-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-irt: IRT-TAOBAO-CN
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • last-modified: 2023-11-28T00:56:50Z
  • irt: IRT-Taobao-CN
  • address: 2nd floor, Westlake International technology Building, 391 Wener Road, Hangzhou
  • e-mail: didong.jc@alibaba-inc.com
  • abuse-mailbox: didong.jc@alibaba-inc.com
  • admin-c: ZM877-AP
  • tech-c: ZM877-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-05T23:38:36Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: ipas@cnnic.cn
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: ipas@cnnic.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: Shuo Yu
  • address: 5F, Builing D, the West Lake International Plaza of S&T
  • address: No.391 Wen’er Road, Hangzhou City
  • address: Zhejiang, China, 310099
  • country: CN
  • phone: +86-0571-85022600
  • e-mail: anti-spam@list.alibaba-inc.com
  • nic-hdl: ZM678-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-04-13T23:21:57Z
  • person: security trouble
  • e-mail: yitian.gaoyt@alibaba-inc.com
  • address: Hangzhou, Zhejiang, China
  • phone: +86-0571-85022600
  • country: CN
  • mnt-by: MAINT-CNNIC-AP
  • nic-hdl: ZM876-AP
  • last-modified: 2021-04-13T23:22:33Z
  • person: Guowei Pan
  • address: 5F, Builing D, the West Lake International Plaza of S&T
  • address: No.391 Wen’er Road, Hangzhou City
  • address: Zhejiang, China, 310099
  • country: CN
  • phone: +86-0571-85022088-30763
  • fax-no: +86-0571-85022600
  • e-mail: guowei.pangw@alibaba-inc.com
  • nic-hdl: ZM877-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2013-07-09T01:34:02Z
  • route: 106.11.172.0/24
  • origin: AS37963
  • descr: China Internet Network Information Center
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2020-02-18T01:15:24Z
  • route: 106.11.172.0/24
  • origin: AS45102
  • descr: China Internet Network Information Center
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2020-02-18T01:17:24Z

Links to attack logs

****** ****** ******

Share on: