119.63.197.139 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 119.63.197.139 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution

• Tags: address, all octoseek, analyze, ascii text, august, body length, bundled, cfqirgdhj5, cfqirgdhj5 http, cfqirgdhj5 url, ck id, code, communicating, contact, contacted, contacted urls, dropped, execution, factory, february, feeds ioc, file, final url, formbook, getprocaddress, gmt connection, gopher, headers date, historical ssl, hostnames, http, http response, hybrid, iocs, ioc search, july, kb body, localappdata, malware, mitre att, new ioc, njrat, obz4usfn0, obz4usfn0 http, obz4usfn0 url, passive dns, paste, path, post, putty, ransomware, referrer, resolutions, sample, scan endpoints, screenshot, serving ip, sfqh4dt74w0 url, sha256, show technique, ssl certificate, status code, teams api, temp, threat, threat analyzer, threat roundup, ukhdaauqaaaaaac, unique, urls, urls https, vj87, whois record, whois ssl, whois whois, windir

• View other sources: Spamhaus VirusTotal

• Country: Japan
• Network:
• Noticed: 6 times
• Protocols Attacked: SSH
• Passive DNS Results: taeghfh.net mtoken-u.com zhongwei1.com www.612sf.com 370sf.com www.370sf.com www.370cq.com 370cq.com www.124cq.com www.985sf.com www.340sf.com 697sf.com www.697sf.com www.qq210sf.top qq210sf.top sf405.com 612sf.com 124cq.com 405sf.com 340sf.com 840sf.com 540sf.com 650sf.com sf480.com 670sf.com bowuyue.com gaofang.cloud www.474sf.com www.sf480.com www.780sf.com 474sf.com 753sf.com 928sf.com liaoyinchun520.gaofang.cloud 985sf.com 981sf.com gtm-cn-n6w240zie16.gaofang.cloud 290sf.com m.cpb79.com wap.wshifen.com www.wshifen.com sp1.baidu.com sp0.baidu.com www.baidu.com

Malware Detected on Host

Count: 45 bcb7a138c121ae21528a778b4eacc166f50f2479fb77e9bf69287224fd89b6e0 0c5e006e2b54e395d59c11149328347c3ad05fa5415039b37ce17e85f1f0ebe7 f8addc8af2a809cc04d0d2be5808a6270ab0c8fe1df7998048c3a74698a1abd7 f37dc9c55ef120fa050a03a2b8065b462c7714a061f5be5e45c4455496d37c75 cf0cb7eb06cfcd4f5fda61c7e3459c7b2220d62eeffb361049b477e2f30a57e1 4b5d78d5066ad168027d3930ba2751dcd74a7c4b134d479056a11e0eb34e0beb c2fff4aa68832a06b14d07f2b39b0a84cd2bbd6a04e01f6e50d3eda780bf13a5 67f8014a03466322cfa0abd06272c6dbc6037d06936af6696c425a160c66fa2c 6e648e235dc5dbb60a2c881ffd2c4a5778e4cfe187a53aa9568dc7d1656c033d a166820132f7ddab20eca9b0ccd7af7f7620b471571cb3578df2bbe81ed846a1

Open Ports Detected

443 80

Map

Whois Information

• inetnum: 119.63.192.0 - 119.63.199.255
• netname: BAIDUJP
• descr: Baidu Japan Inc.
• descr: Roppongi-Hills Mori-Tower 39th Floor,
• descr: 6-10-1 Roppongi Minato-ku, Tokyo 106-6139 Japan
• country: JP
• admin-c: JNIC1-AP
• tech-c: JNIC1-AP
• status: ALLOCATED PORTABLE
• mnt-by: MAINT-JPNIC
• mnt-irt: IRT-JPNIC-JP
• mnt-lower: MAINT-JPNIC
• last-modified: 2021-09-10T02:40:02Z
• irt: IRT-JPNIC-JP
• address: Uchikanda OS Bldg 4F, 2-12-6 Uchi-Kanda
• address: Chiyoda-ku, Tokyo 101-0047, japan
• e-mail: hostmaster@nic.ad.jp
• abuse-mailbox: hostmaster@nic.ad.jp
• phone: +81-3-5297-2311
• fax-no: +81-3-5297-2312
• admin-c: JNIC1-AP
• tech-c: JNIC1-AP
• mnt-by: MAINT-JPNIC
• last-modified: 2025-04-10T11:04:13Z
• role: Japan Network Information Center
• address: Uchikanda OS Bldg 4F, 2-12-6 Uchi-Kanda
• address: Chiyoda-ku, Tokyo 101-0047, Japan
• country: JP
• phone: +81-3-5297-2311
• fax-no: +81-3-5297-2312
• e-mail: hostmaster@nic.ad.jp
• admin-c: JI13-AP
• tech-c: JE53-AP
• nic-hdl: JNIC1-AP
• mnt-by: MAINT-JPNIC
• last-modified: 2022-01-05T03:04:02Z
• inetnum: 119.63.192.0 - 119.63.199.255
• netname: BAIDUJP-CIDR-BLK-JP
• descr: Baidu Japan Inc.
• country: JP
• admin-c: LY1268JP
• tech-c: LY1268JP
• last-modified: 2021-09-10T20:35:57Z

Links to attack logs

****** ****** ******