119.28.55.81 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 119.28.55.81. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Nextray, cowrie, cyber security, ioc, malicious, phishing, ssh

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: Hong Kong
  • Network: AS132203 tencent building kejizhongyi avenue
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Whois Information

  • inetnum: 119.28.0.0 - 119.29.255.255
  • netname: TencentCloud
  • descr: Tencent cloud computing (Beijing) Co., Ltd.
  • descr: Floor 6, Yinke Building,38 Haidian St,
  • descr: Haidian District Beijing
  • country: HK
  • admin-c: JT1125-AP
  • tech-c: JX1747-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-routes: MAINT-TENCENT-NET-AP-CN
  • mnt-irt: IRT-CNNIC-CN
  • last-modified: 2021-06-16T01:29:00Z
  • irt: IRT-CNNIC-CN
  • address: Beijing, China
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-06-16T01:39:57Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: James Tian
  • address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-84952
  • e-mail: [email protected]
  • nic-hdl: JT1125-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:37:15Z
  • person: Jimmy Xiao
  • address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-80224
  • e-mail: [email protected]
  • nic-hdl: JX1747-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:38:09Z
  • route: 119.28.0.0/18
  • descr: ComsenzNet routes
  • origin: AS133478
  • mnt-by: MAINT-COMSENZ1-CN
  • last-modified: 2015-12-14T12:36:01Z

Links to attack logs

  • bruteforce-ip-list-2020-11-16
  • bruteforce-ip-list-2020-11-12
  • aws-ssh-bruteforce-ip-list-2021-04-02