120.31.70.142 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 120.31.70.142. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1046 - Network Service Scanning, T1423 - Network Service Scanning, T1595.001 - Scanning IP Blocks, T1595.002 - Vulnerability Scanning, T1596.005 - Scan Databases, TA0043 - Reconnaissance

  • Tags: awsau, awsindia, awsjap, bruteforce, cyber security, ioc, malicious, Nextray, phishing, redis, Scanner, scanning, smtp, ssh, tcp, Webattack

  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network: AS134764 chinanet guangdong province network
  • Noticed: 50 times
  • Protocols Attacked: redis
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, India, Italy, Japan, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 1 82092d99e6a34a271c69617a053cb1ef20c8b30817e7f39b1300fc252c7d9fc3

Whois Information

  • inetnum: 120.31.0.0 - 120.31.255.255
  • netname: RJNET
  • descr: FoShan RuiJiang Science and Tech Ltd.
  • descr: Room 203 , No.6, PingYuanBei Street, Foshan, GuangDong, China..528000
  • country: CN
  • admin-c: YM771-AP
  • tech-c: YM771-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-irt: IRT-RJNET-CN
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • last-modified: 2023-11-28T00:57:00Z
  • irt: IRT-RJNET-CN
  • address: Room 203 , No.6, PingYuanBei Street, Foshan, Guangdong, China
  • e-mail: cnshiwei@efly.cc
  • abuse-mailbox: cnshiwei@efly.cc
  • admin-c: YM771-AP
  • tech-c: YM771-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-08-10T05:50:25Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: ipas@cnnic.cn
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: ipas@cnnic.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: Yu Min
  • nic-hdl: YM771-AP
  • address: Room 203 , No.6, PingYuanBei Street, Foshan, GuangDong, China..528000
  • country: CN
  • phone: +86-757-83820988
  • fax-no: +86-757-82366663
  • e-mail: gd123@126.com
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2008-09-04T07:50:20Z
  • route: 120.31.64.0/18
  • descr: CNC Group CHINA169 Guangdong Province network
  • descr: Addresses from CNNIC(RJNET)
  • country: CN
  • origin: AS17816
  • mnt-by: MAINT-CNCGROUP-RR
  • last-modified: 2008-12-12T02:45:06Z

Links to attack logs

  • awsjap-redis-bruteforce-ip-list-2021-12-24
  • awsindia-redis-bruteforce-ip-list-2022-03-23
  • awsau-redis-bruteforce-ip-list-2022-04-01
  • awsindia-redis-bruteforce-ip-list-2022-01-25
  • awsindia-redis-bruteforce-ip-list-2022-03-30
  • awsindia-redis-bruteforce-ip-list-2022-04-03
  • awsindia-redis-bruteforce-ip-list-2022-03-21
  • awsjap-redis-bruteforce-ip-list-2022-03-08
  • awsindia-redis-bruteforce-ip-list-2022-03-16
  • awsau-redis-bruteforce-ip-list-2022-03-09
  • awsau-redis-bruteforce-ip-list-2022-02-10
  • awsjap-redis-bruteforce-ip-list-2022-02-12
  • awsindia-redis-bruteforce-ip-list-2022-01-23
  • awsjap-redis-bruteforce-ip-list-2022-03-27
  • awsau-redis-bruteforce-ip-list-2021-12-20
  • awsjap-redis-bruteforce-ip-list-2021-12-21
  • awsjap-redis-bruteforce-ip-list-2022-03-24
  • awsau-redis-bruteforce-ip-list-2021-12-27
  • awsau-redis-bruteforce-ip-list-2021-12-22
  • awsjap-redis-bruteforce-ip-list-2022-03-16
