106.11.35.18 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 106.11.35.18 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

• Mitre ATT&CK IDs: T1059 - Command and Scripting Interpreter

• Tags: 0x104, 0x11a, 0x12b, 0x14a, 0x14e, 0x228, 0x97, 0xc6, 0xe1, 0xf5, aafunction, afunction, android, april, array, array int8array, b1342177279, bad event, bad idp, child, class, closure library, cnzzdata, copyright, crios, customevent, czuuid, dafunction, date, edge, element, embed, error, fafafa, function, gc, gc3w7t6h5qw, gtmmdcvhgd, ienew ca, iframe, internal, invalid attempt, kafunction, kfunction, kkfunction, lh, meta, mit license, most, nkfunction, node, null, number, object, overlaylevel, p420, path, pseudo, public, qkfunction, quota, reduceright, regexp, rkfunction, sdkversion, skfunction, span, string, swiper, sxa0, symbol, template, this, trackevent, trackpageview, trident, typeerror, typeof, typeof b, typeof d, typeof define, typeof e, typeof enulle, typeof n, typeof r, typeof symbol, typeof t, ufunction, uint8array, umdistinctid, vd, version, void, win32, xlfunction, zdhxiong

• View other sources: Spamhaus VirusTotal

• Country: China
• Network: AS37963 hangzhou alibaba advertising co. ltd.
• Noticed: 1 times
• Protcols Attacked: SSH
• Passive DNS Results: aidc-ai.com ns2.cdngslb.com gdsns2.1688.com gdsns2.alibaba-inc.com gdsns2.taobao.com ns2.alibabadns.com gdsns2.tanx.com

Open Ports Detected

10000 10001 10134 102 1023 10250 1028 104 10443 10554 10909 10911 1099 110 111 11210 11211 113 1153 1177 119 1200 12000 12345 1250 1290 13 1311 135 1355 1400 14147 14265 143 1433 1471 15 1515 1521 1588 1599 16030 1604 16993 1741 175 179 1800 1801 1833 1883 19 1911 1925 1926 1935 195 1951 1962 2000 20000 2002 2008 2022 20256 20547 2056 2057 2067 2068 2080 2081 2082 2083 2086 2087 21 21025 2121 21379 2150 2154 2181 2200 221 2211 2222 23 23023 2332 2333 2345 2375 2376 2404 2455 25 25001 25105 2554 25565 2561 2562 2568 26 2601 2602 2628 264 27015 27017 2761 2762 3000 30002 30003 3001 3050 3061 3062 3080 3082 3093 3099 3105 311 3112 3116 3118 31337 32400 3260 3268 3269 32764 3301 3306 33060 3310 3333 3389 3542 3563 3570 3689 37 3749 37777 3780 3790 38 389 3922 4000 4001 4022 4040 4064 4157 41800 4190 4242 427 4282 43 4321 4369 443 4433 444 4443 4444 44818 4506 465 4664 4747 4782 4786 47990 4840 4899 49 4911 49153 4949 50000 5001 5002 5003 5005 50050 5006 5007 50070 5010 50100 502 5025 503 5080 5090 51235 515 5172 5222 53 54138 5432 5435 548 55000 554 55442 55443 5555 55553 55554 5560 5598 5601 5609 5672 5801 5858 587 593 5938 59417 5984 5985 5986 6001 60010 6002 60030 6010 60129 6080 61613 61616 62078 6308 631 636 6379 6443 6561 6633 6650 6653 666 6664 6666 6667 6668 6697 70 7001 7014 7071 7171 7218 7415 7433 7434 7443 7465 7474 7548 7634 7657 7676 771 7777 7779 789 79 7989 7999 8001 8005 8007 8008 8009 8011 8021 8023 8025 8048 8057 8058 8069 8081 8083 8084 8085 8087 8089 8090 8098 8101 8105 8112 8118 8123 8126 8140 8143 8182 8190 82 8200 8236 8237 8252 8291 83 8333 8334 84 8403 8406 8429 8443 8500 8545 8554 8575 8623 8649 8728 873 8790 8800 8822 8823 8824 8827 8834 8837 8840 8847 8859 8864 8868 8869 8872 8875 8877 8878 8880 8888 8889 8891 8969 9002 9009 902 9028 9033 9036 9042 9045 9051 9084 9088 9090 9091 9092 9095 9096 9098 9100 9151 9160 9191 9200 9203 9208 9302 9306 9418 9443 95 9530 9600 9633 9761 98 9800 9869 9876 992 993 9943 995 9955 9981 9990 9998 9999

CVEs Detected

CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10002 CVE-2016-10003 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-20012 CVE-2016-2390 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-19131 CVE-2018-19132 CVE-2018-20685 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12522 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-11945 CVE-2020-14058 CVE-2020-14145 CVE-2020-15049 CVE-2020-15778 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 CVE-2020-25097 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 CVE-2021-28116 CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 CVE-2021-36368 CVE-2021-41617 CVE-2021-46784 CVE-2022-41318 CVE-2023-38408 CVE-2023-46724 CVE-2023-46728 CVE-2023-46846 CVE-2023-46847 CVE-2023-48795 CVE-2023-49288 CVE-2023-50269 CVE-2023-51384 CVE-2023-51385

Map

Whois Information

• inetnum: 106.11.0.0 - 106.11.255.255
• netname: Taobao
• descr: Zhejiang Taobao Network Co.,Ltd
• descr: 2nd floor, Westlake International technology Building
• descr: 391Wener Road, Hangzhou, China
• country: CN
• admin-c: ZM678-AP
• tech-c: ZM877-AP
• tech-c: ZM876-AP
• abuse-c: AC1601-AP
• status: ALLOCATED PORTABLE
• mnt-by: MAINT-CNNIC-AP
• mnt-irt: IRT-TAOBAO-CN
• mnt-lower: MAINT-CNNIC-AP
• mnt-routes: MAINT-CNNIC-AP
• last-modified: 2023-11-28T00:56:50Z
• irt: IRT-Taobao-CN
• address: 2nd floor, Westlake International technology Building, 391 Wener Road, Hangzhou
• e-mail: didong.jc@alibaba-inc.com
• abuse-mailbox: didong.jc@alibaba-inc.com
• admin-c: ZM877-AP
• tech-c: ZM877-AP
• mnt-by: MAINT-CNNIC-AP
• last-modified: 2021-09-05T23:38:36Z
• role: ABUSE CNNICCN
• address: Beijing, China
• country: ZZ
• phone: +000000000
• e-mail: ipas@cnnic.cn
• admin-c: IP50-AP
• tech-c: IP50-AP
• nic-hdl: AC1601-AP
• abuse-mailbox: ipas@cnnic.cn
• mnt-by: APNIC-ABUSE
• last-modified: 2020-05-14T11:19:01Z
• person: Shuo Yu
• address: 5F, Builing D, the West Lake International Plaza of S&T
• address: No.391 Wen’er Road, Hangzhou City
• address: Zhejiang, China, 310099
• country: CN
• phone: +86-0571-85022600
• e-mail: anti-spam@list.alibaba-inc.com
• nic-hdl: ZM678-AP
• mnt-by: MAINT-CNNIC-AP
• last-modified: 2021-04-13T23:21:57Z
• person: security trouble
• e-mail: yitian.gaoyt@alibaba-inc.com
• address: Hangzhou, Zhejiang, China
• phone: +86-0571-85022600
• country: CN
• mnt-by: MAINT-CNNIC-AP
• nic-hdl: ZM876-AP
• last-modified: 2021-04-13T23:22:33Z
• person: Guowei Pan
• address: 5F, Builing D, the West Lake International Plaza of S&T
• address: No.391 Wen’er Road, Hangzhou City
• address: Zhejiang, China, 310099
• country: CN
• phone: +86-0571-85022088-30763
• fax-no: +86-0571-85022600
• e-mail: guowei.pangw@alibaba-inc.com
• nic-hdl: ZM877-AP
• mnt-by: MAINT-CNNIC-AP
• last-modified: 2013-07-09T01:34:02Z
• route: 106.11.35.0/24
• origin: AS37963
• descr: China Internet Network Information Center
• mnt-by: MAINT-CNNIC-AP
• last-modified: 2020-02-18T01:13:52Z
• route: 106.11.35.0/24
• origin: AS45102
• descr: China Internet Network Information Center
• mnt-by: MAINT-CNNIC-AP
• last-modified: 2020-02-18T01:15:48Z

Links to attack logs

****** ****** ******