119.63.197.151 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 119.63.197.151 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution

  • Tags: 2022, a018, address, all octoseek, analyze, ascii text, august, baidu, bb12, bccwp, body length, bundled, cfqirgdhj5, cfqirgdhj5 http, cfqirgdhj5 url, ck id, code, communicating, contact, contacted, contacted urls, dropped, execution, factory, february, feeds ioc, file, final url, formbook, getprocaddress, gmt connection, gopher, headers date, historical ssl, hostnames, http, http response, hybrid, iocs, ioc search, july, kb body, kvt49l, localappdata, malware, mitre att, new ioc, njrat, nmclfl1 https, obz4usfn0, obz4usfn0 http, obz4usfn0 url, passive dns, paste, path, post, putty, ransomware, referrer, resolutions, sample, scan endpoints, screenshot, serving ip, sfqh4dt74w0 url, sha256, show technique, ssl certificate, status code, teams api, temp, threat, threat analyzer, threat roundup, ukhdaauqaaaaaac, unique, urls, urls https, vj87, whois record, whois ssl, whois whois, windir, windows android, cloud storage, free netdisk, sync, external link sharing, Baidu Cloud, Baidu Netdisk, offline download, netdisk, netdisk download, netdisk resources, network USB drive, network hard drive

  • View other sources: Spamhaus, VirusTotal

Malware Detected on Host

Count: 36

Open Ports Detected

443, 80

Whois Information

  • inetnum: 119.63.192.0 - 119.63.199.255
  • netname: BAIDUJP
  • descr: Baidu Japan Inc.
  • descr: Roppongi-Hills Mori-Tower 39th Floor,
  • descr: 6-10-1 Roppongi Minato-ku, Tokyo 106-6139 Japan
  • country: JP
  • admin-c: JNIC1-AP
  • tech-c: JNIC1-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-JPNIC
  • mnt-irt: IRT-JPNIC-JP
  • mnt-lower: MAINT-JPNIC
  • last-modified: 2021-09-10T02:40:02Z
  • irt: IRT-JPNIC-JP
  • address: Uchikanda OS Bldg 4F, 2-12-6 Uchi-Kanda
  • address: Chiyoda-ku, Tokyo 101-0047, japan
  • e-mail: hostmaster@nic.ad.jp
  • abuse-mailbox: hostmaster@nic.ad.jp
  • phone: +81-3-5297-2311
  • fax-no: +81-3-5297-2312
  • admin-c: JNIC1-AP
  • tech-c: JNIC1-AP
  • mnt-by: MAINT-JPNIC
  • last-modified: 2025-04-10T11:04:13Z
  • role: Japan Network Information Center
  • address: Uchikanda OS Bldg 4F, 2-12-6 Uchi-Kanda
  • address: Chiyoda-ku, Tokyo 101-0047, Japan
  • country: JP
  • phone: +81-3-5297-2311
  • fax-no: +81-3-5297-2312
  • e-mail: hostmaster@nic.ad.jp
  • admin-c: JI13-AP
  • tech-c: JE53-AP
  • nic-hdl: JNIC1-AP
  • mnt-by: MAINT-JPNIC
  • last-modified: 2022-01-05T03:04:02Z
  • inetnum: 119.63.192.0 - 119.63.199.255
  • netname: BAIDUJP-CIDR-BLK-JP
  • descr: Baidu Japan Inc.
  • country: JP
  • admin-c: LY1268JP
  • tech-c: LY1268JP
  • last-modified: 2021-09-10T20:35:57Z
