113.161.43.81 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 113.161.43.81 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 57/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: Bruteforce, Brute-Force, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, SSH

  • JARM: 04d02d00004d04d00004d02d04d04d6b64279c20472e17718ddea38ab610fa

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: Vietnam
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: androidjenkins.watacorp.com kibana.system-log.whiteball.tech grafana.linkerd.whiteball.tech notary.system-harbor.whiteball.tech elasticsearch.system-log.whiteball.tech poc.dev.watacorp.com jenkins.poc.dev.watacorp.com entity.poc.dev.watacorp.com product.poc.dev.watacorp.com loyalty.poc.dev.watacorp.com logging.poc.dev.watacorp.com web.linkerd.whiteball.tech project1.dev.watacorp.com spinnaker.whiteball.tech gate.spinnaker.whiteball.tech dod.poc-0405.whiteball.tech jenkins.poc-0405.whiteball.tech identity.poc-0405.whiteball.tech loyalty.poc-0405.whiteball.tech web.poc-0405.whiteball.tech logging.poc-0405.whiteball.tech entity.poc-0405.whiteball.tech search.poc-0405.whiteball.tech board.watacorp.com menewsfeed.watacorp.com hr.watacorp.com search.poc.dev.watacorp.com dod.poc.dev.watacorp.com web.poc.dev.watacorp.com identity.poc.dev.watacorp.com jaeger-query.default.whiteball.tech whiteball.tech core.system-harbor.whiteball.tech mtrx-ios.whiteball.tech product.poc-0405.whiteball.tech jenkins.poc.whiteball.tech dod.poc.whiteball.tech entity.poc.whiteball.tech product.poc.whiteball.tech identity.poc.whiteball.tech logging.poc.whiteball.tech search.poc.whiteball.tech loyalty.poc.whiteball.tech web.poc.whiteball.tech

Malware Detected on Host

Count: 2

  • 7e6b2df08f87438682313349add6833e9271150237bae767e794e91e93259f7a
  • dd89fe1b2a7586351694a0b28642b02ec99e4b02a3222c4cff871b8805120998

Open Ports Detected

  • 1981
  • 443

Whois Information

  • inetnum: 113.160.0.0 - 113.191.255.255
  • netname: VNPT-VN
  • descr: Vietnam Posts and Telecommunications Group
  • descr: No 57, Huynh Thuc Khang Street, Lang Ha ward, Dong Da district, Ha Noi City
  • country: VN
  • admin-c: PTH13-AP
  • tech-c: PTH13-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-VN-VNNIC
  • mnt-lower: MAINT-VN-VNPT
  • mnt-routes: MAINT-VN-VNPT
  • last-modified: 2018-01-25T03:55:17Z
  • mnt-irt: IRT-VNNIC-AP
  • irt: IRT-VNNIC-AP
  • address: Ha Noi, VietNam
  • phone: +84-24-35564944
  • fax-no: +84-24-37821462
  • e-mail: hm-changed@vnnic.vn
  • abuse-mailbox: hm-changed@vnnic.vn
  • admin-c: NTTT1-AP
  • tech-c: NTTT1-AP
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2017-11-08T09:40:06Z
  • person: Pham Tien Huy
  • address: VNPT-VN
  • country: VN
  • phone: +84-24-37741604
  • e-mail: huypt@vnpt.vn
  • nic-hdl: PTH13-AP
  • mnt-by: MAINT-VN-VNPT
  • last-modified: 2017-11-19T07:06:20Z
  • route: 113.161.32.0/19
  • descr: VietNam Post and Telecom Corporation (VNPT)
  • descr: VNPT-AS-AP
  • country: VN
  • origin: AS45899
  • notify: hm-changed@vnnic.net.vn
  • mnt-by: MAINT-VN-VNPT
  • last-modified: 2010-08-10T08:20:02Z

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2022-10-11 vultrmadrid-ssh-bruteforce-ip-list-2022-07-24 dofrank-ssh-bruteforce-ip-list-2022-11-13 dotoronto-ssh-bruteforce-ip-list-2022-11-19 dosing-ssh-bruteforce-ip-list-2022-11-04 ****** bruteforce-ip-list-2021-07-07 dotoronto-ssh-bruteforce-ip-list-2022-11-17 dofrank-ssh-bruteforce-ip-list-2022-09-21 vultrwarsaw-ssh-bruteforce-ip-list-2022-10-16 dofrank-ssh-bruteforce-ip-list-2022-10-13 ****** dosing-ssh-bruteforce-ip-list-2022-09-20 ******