110.42.1.5 Threat Intelligence and Host Information

Share on:

Oct 16, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 110.42.1.5 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

Mitre ATT&CK IDs: T1110 - Brute Force
Tags: brute force, Bruteforce, Brute-Force, ssh, SSH
View other sources: Spamhaus VirusTotal
Contained within other IP sets: stopforumspam_180d, stopforumspam_365d
Country: China
Network: AS136188 ningbo zhejiang province p.r.china.
Noticed: 1 times
Protcols Attacked: redis ssh telnet
Countries Attacked: Australia
Passive DNS Results: live.nnqianyan.cn lemonsk.f3322.net www.hbrs888.com

Malware Detected on Host

Count: 6 00e65a27a44e9e7d2ee42dc36eec860f8c75923645a827b90a38bbae9e446ce2 72f240395fbf31199ae1daef6a9ab5201a6b0396078b8b35071383e14f2c8fd1 51f1430750b6a2d06e9fc025018f19c0b386e848b91b69e2e3c192419af7eb8f ca4987d2153465e3ab71f5658a7ecaf4a2c8df1ca7ce24a14714870fd4bbdaa8 4cb2b713819ae05a6f4528f2e7e0614ba7ad0292b395b4cf1296cd6ecfae0bab 28e9aff45aefe20f2e37b1bd1ad1f366e9d4691552724ef40409cf69ada0c2d5

Open Ports Detected

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408

Map

Whois Information

inetnum: 110.42.0.0 - 110.42.127.255
netname: nbgaofang
descr: Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd
descr: 1088-13 No.1558 Jiangnan Road,NingBo,China
country: CN
admin-c: YW6719-AP
tech-c: JS3943-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
last-modified: 2021-06-16T01:32:35Z
irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
role: ABUSE CNNICCN
address: Beijing, China
country: ZZ
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2020-05-14T11:19:01Z
person: Tianyuan Wu
address: 1088-13 No.1558 Jiangnan Road,NingBo,China
country: CN
phone: +86-0574-88093323
e-mail: [email protected]
nic-hdl: JS3943-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-03-16T01:56:02Z
person: Jingjing Xu
address: 1088-13 No.1558 Jiangnan Road,NingBo,China
country: CN
phone: +86-0574-88093323
e-mail: [email protected]
nic-hdl: YW6719-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-03-16T01:56:01Z

Links to attack logs