106.11.248.146 Threat Intelligence and Host Information

Jan 11, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 106.11.248.146 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

Mitre ATT&CK IDs: T1059 - Command and Scripting Interpreter
Tags: 0x104, 0x11a, 0x12b, 0x14a, 0x14e, 0x228, 0x97, 0xc6, 0xe1, 0xf5, aafunction, afunction, android, april, array, array int8array, b1342177279, bad event, bad idp, child, class, closure library, cnzzdata, copyright, crios, customevent, czuuid, dafunction, date, edge, element, embed, error, fafafa, function, gc, gc3w7t6h5qw, gtmmdcvhgd, ienew ca, iframe, internal, invalid attempt, kafunction, kfunction, kkfunction, lh, meta, mit license, most, nkfunction, node, null, number, object, overlaylevel, p420, path, pseudo, public, qkfunction, quota, reduceright, regexp, rkfunction, sdkversion, skfunction, span, string, swiper, sxa0, symbol, template, this, trackevent, trackpageview, trident, typeerror, typeof, typeof b, typeof d, typeof define, typeof e, typeof enulle, typeof n, typeof r, typeof symbol, typeof t, ufunction, uint8array, umdistinctid, vd, version, void, win32, xlfunction, zdhxiong
View other sources: Spamhaus VirusTotal

Country: China
Network: AS37963 hangzhou alibaba advertising co. ltd.
Noticed: 1 times
Protcols Attacked: SSH
Passive DNS Results: 3modi.com aiis.tech aiis.love guru55.xyz fydch.com xn–8mrq2kk1b82dyt3ckdm.site hi-pwc.online chenglong.fun xingjihao.com zhjy2567.xyz gzklovezxp.xyz hfgj2008.top 78su.com dccam.xyz gzyzqt.top samsamgiftshop.com zyj511223.top viptbsc.com 1688tbsc.xyz hfgj2016.top xzw.life timnuoo.com imtoken2016.us xggj2012.top 1688tbsc.shop xggj2012.us auth.o9q.cn 002243.com tvka.cn ynding.fun alibaba-tam.com aliyun-ltd.com www.junnp03.xyz www.95bok.cn ht0428.xmcm168.com m.xmcm168.com mytb118.com myylgj0108.com sbgf300.com viplswjs88.com 118myxpj.com xmcm168.com myxpj118.com mywnsr89.com myxpj108.com 7710myvns.com xpj10188.com 5569mymgm.com szhj9897.com szhj10099.com jdjr3308.com jdjr1000.com jdjr8989.com nanmeibio.com tb1288.com www.misaya.ltd myamyh998.com kdai.net myxpj10188.com szhj8808.com xmcm88.com 0789xpj.vip fuliyun.net appjun.com vns0853168.vip denglijunying.top vns0853168.com myjdjr1000.com aliyunk.top lengqie.live dgaddr.com aliyun.it huijiadizhi.xyz aliyun.com

Open Ports Detected

1000 10001 102 1023 1024 10243 1025 10250 10443 10554 106 10911 1099 11 110 11000 111 11112 11210 11211 113 11300 11371 1153 1177 119 1200 122 1234 12345 13 1337 1344 135 1400 14147 14265 143 1433 1471 15 1515 1521 1599 16030 1604 16993 17 1723 1741 175 179 1800 1801 18081 18245 19 19000 19071 1911 1925 1926 1947 195 1951 1962 199 2000 20000 2002 2003 2006 2008 20256 2052 20547 2063 2067 2081 2082 2083 2086 2087 21025 2121 21379 2150 2154 2181 2222 23 23023 2332 2333 23424 2345 2375 2382 2404 2443 2455 25 25001 25105 25565 2566 2567 2568 2628 264 2650 27015 27017 2761 2762 28015 28017 3000 30002 30003 3001 3005 3050 3061 3070 3072 3077 3084 3086 3088 311 31337 32400 3260 3268 3269 32764 3299 3301 3306 33060 3310 3388 3389 3401 3405 35000 3541 3551 3557 37 37215 37777 3780 3790 389 4000 4022 4040 4063 4064 4117 4157 41800 4242 427 4282 43 4321 4369 44158 443 4433 444 4443 4444 44818 449 4500 4506 4567 465 4664 47990 4808 4840 4848 4899 49 4911 49152 4949 5000 50000 5001 50050 5006 5007 50070 5009 5010 50100 502 5025 503 51235 515 5172 5201 5222 53 5357 5432 5435 55000 554 55442 55443 5555 55553 55554 5601 5672 5801 5858 587 58749 593 5938 5984 5985 5986 60001 6001 60010 6002 60030 6005 60129 61613 61616 62078 62765 636 6372 6379 6443 646 6464 6565 6633 6653 666 6664 6666 6667 6668 6697 6887 70 7001 7003 7010 7071 7090 7171 7218 7434 7443 7547 7548 7634 7657 7700 771 7777 789 79 80 8001 8009 8021 8047 8064 808 8080 8081 8083 8085 8086 8087 8089 8090 8098 8099 81 8107 8111 8112 8123 8126 8139 8140 8181 82 8200 8237 8248 8291 8333 8334 8413 8423 8426 8428 8429 8431 8433 8443 8445 8500 8545 8554 8575 8586 8649 8728 873 8784 8790 88 8805 8821 8834 8842 8854 8862 8869 8871 8880 8888 8890 8989 9000 9001 9002 9003 9006 9007 9009 9015 9017 9018 9028 9042 9046 9051 9080 9090 9092 9095 9100 9101 9151 9160 9191 9199 9200 9208 9211 9221 9222 9295 9304 9418 9443 9530 9595 9600 9761 9800 9876 992 993 9943 9944 995 9981 9999

CVEs Detected

CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385

Map

Whois Information

inetnum: 106.11.0.0 - 106.11.255.255
netname: Taobao
descr: Zhejiang Taobao Network Co.,Ltd
descr: 2nd floor, Westlake International technology Building
descr: 391Wener Road, Hangzhou, China
country: CN
admin-c: ZM678-AP
tech-c: ZM877-AP
tech-c: ZM876-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-TAOBAO-CN
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
last-modified: 2023-11-28T00:56:50Z
irt: IRT-Taobao-CN
address: 2nd floor, Westlake International technology Building, 391 Wener Road, Hangzhou
e-mail: didong.jc@alibaba-inc.com
abuse-mailbox: didong.jc@alibaba-inc.com
admin-c: ZM877-AP
tech-c: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-09-05T23:38:36Z
role: ABUSE CNNICCN
address: Beijing, China
country: ZZ
phone: +000000000
e-mail: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
abuse-mailbox: ipas@cnnic.cn
mnt-by: APNIC-ABUSE
last-modified: 2020-05-14T11:19:01Z
person: Shuo Yu
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen’er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022600
e-mail: anti-spam@list.alibaba-inc.com
nic-hdl: ZM678-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-04-13T23:21:57Z
person: security trouble
e-mail: yitian.gaoyt@alibaba-inc.com
address: Hangzhou, Zhejiang, China
phone: +86-0571-85022600
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: ZM876-AP
last-modified: 2021-04-13T23:22:33Z
person: Guowei Pan
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen’er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022088-30763
fax-no: +86-0571-85022600
e-mail: guowei.pangw@alibaba-inc.com
nic-hdl: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2013-07-09T01:34:02Z
route: 106.11.248.0/24
origin: AS37963
descr: China Internet Network Information Center
mnt-by: MAINT-CNNIC-AP
last-modified: 2020-02-18T01:16:19Z
route: 106.11.248.0/24
origin: AS45102
descr: China Internet Network Information Center
mnt-by: MAINT-CNNIC-AP
last-modified: 2020-02-18T01:18:16Z

Links to attack logs

****** ****** ******

Share on: