121.4.122.206 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 121.4.122.206. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 46/100

Host and Network Information

  • MITRE ATT&CK IDs: T1498 - Network Denial of Service, T1499 - Endpoint Denial of Service, T1499.002 - Service Exhaustion Flood
  • Tags: DDOS, DDoS, HEAD Floods, KillNet, Killnet, T1498, T1499, anna paula, associated, cc.py, currc3adculo, from email, headers, malspam email, msi file, tuesday, utf8, zip archive

  • Country: China
  • Network: AS45090 shenzhen tencent computer systems company limited
  • Noticed: 1 times
  • Protocols Attacked: Anonymous Proxy

Malware Detected on Host

Count: 6

Open Ports Detected

10001 10243 13579 22222 25001 33060 44158 443 80

CVEs Detected

CVE-2010-1899 CVE-2010-2730 CVE-2010-3972

Whois Information

  • inetnum: 121.4.0.0 - 121.5.255.255
  • netname: TencentCloud
  • descr: Tencent cloud computing (Beijing) Co., Ltd.
  • descr: Floor 6, Yinke Building,38 Haidian St,
  • descr: Haidian District Beijing
  • country: CN
  • admin-c: JT1125-AP
  • tech-c: JX1747-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • mnt-irt: IRT-CNNIC-CN
  • last-modified: 2021-06-16T01:32:05Z
  • irt: IRT-CNNIC-CN
  • address: Beijing, China
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-06-16T01:39:57Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: James Tian
  • address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-84952
  • e-mail: [email protected]
  • nic-hdl: JT1125-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:37:15Z
  • person: Jimmy Xiao
  • address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-80224
  • e-mail: [email protected]
  • nic-hdl: JX1747-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:38:09Z
  • route: 121.4.0.0/15
  • origin: AS45090
  • descr: China Internet Network Information Center
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2020-02-25T01:14:09Z

Links to attack logs

anonymous-proxy-ip-list-2023-07-10