140.205.135.3 Threat Intelligence and Host Information

Mar 17, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 140.205.135.3 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 46/100

Host and Network Information

  • Mitre ATT&CK IDs: T1059 - Command and Scripting Interpreter

  • Tags: 0x104, 0x11a, 0x12b, 0x14a, 0x14e, 0x228, 0x97, 0xc6, 0xe1, 0xf5, aafunction, afunction, android, april, array, array int8array, b1342177279, bad event, bad idp, child, class, closure library, cnzzdata, copyright, crios, customevent, czuuid, dafunction, date, edge, element, embed, error, fafafa, function, gc, gc3w7t6h5qw, gtmmdcvhgd, ienew ca, iframe, internal, invalid attempt, kafunction, kfunction, kkfunction, lh, meta, mit license, most, nkfunction, node, null, number, object, overlaylevel, p420, path, pseudo, public, qkfunction, quota, reduceright, regexp, rkfunction, sdkversion, skfunction, span, string, swiper, sxa0, symbol, template, this, trackevent, trackpageview, trident, typeerror, typeof, typeof b, typeof d, typeof define, typeof e, typeof enulle, typeof n, typeof r, typeof symbol, typeof t, ufunction, uint8array, umdistinctid, vd, version, void, win32, xlfunction, zdhxiong

  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network: AS37963 hangzhou alibaba advertising co. ltd.
  • Noticed: 3 times
  • Protocols Attacked: SSH
  • Passive DNS Results: hbucm.com maxim-automation.top ceshi2024.xyz hcucumber.top lishujin.love yinghuangyl8.com btrmaketi.com 3modi.com aliyun-adns.aliyun.com.vipgds.alibabadns.com aiis.tech aiis.love careers.aliyun.com guru55.xyz fydch.com xn–8mrq2kk1b82dyt3ckdm.site hi-pwc.online chenglong.fun xingjihao.com zhjy2567.xyz gzklovezxp.xyz hfgj2008.top 78su.com dccam.xyz gzyzqt.top samsamgiftshop.com zyj511223.top viptbsc.com 1688tbsc.xyz hfgj2016.top xzw.life timnuoo.com imtoken2016.us xggj2012.top 1688tbsc.shop xggj2012.us auth.o9q.cn alimail-sg.aliyuncs.com 002243.com msea.aliyun.com tvka.cn ynding.fun mailsso.aliyun.com alibaba-tam.com aliyun-ltd.com www.junnp03.xyz saas-accelerator.aliyun.com aliyun.gein.cn beian.gein.cn usercenter.console.aliyun.com www.95bok.cn 555ylhg.com ht0428.xmcm168.com m.xmcm168.com 668xhby.com xfgj888.com mylswjs666.com szhj5566.com 88772vns.com 55668xhby.com mymgmvip85820.com myxpj1299.com mailopen-netdisk.aliyun.com acentric.eu.org wlan.pp.ua www.xiamuyourenzhang.cn www.misaya.ltd account.www.net.cn help-ccs.aliyun.com dc.www.net.cn kdai.net fuliyun.net appjun.com xiaolous.top denglijunying.top tools.aliyun.com aliyunk.top feedback.console.aliyun.com api.aliyun.com lengqie.live cschat-ccs.aliyun.com dgaddr.com aliyun.it tracedm.aliyun.com bridge.aliyun.com domain.aliyun.com aicrowd.aliyun.com dns.www.net.cn panda.www.net.cn microdingtalk.aliyun.com pandavip.www.net.cn dmp.www.net.cn huijiadizhi.xyz shilong.work silentdxx.top wobanganzhuang.com tianchi.com lo-ni.com ailyun.asia test.yagu.fun aliyun.com phpwind.com chuangke.aliyun.com www.phpwind.net query.aliyun.com expense-invoice.aliyun.com cart.aliyun.com aliyun-adns.aliyun.com.gds.alibabadns.com dc.aliyun.com static.aliyun.com wanwang.aliyun.com domainapi.aliyun.com phpwind.net passport.aliyun.com account-cn.alibabacloud.com push.console.aliyun.com ace.console.aliyun.com beian.aliyun.com exmail.aliyun.com yunqi.aliyun.com www.phpwind.com batit.aliyun.com mac.console.aliyun.com console.aliyun.com domain.console.aliyun.com ucan2017.aliyun.com download.phpwind.net cs.console.aliyun.com ip.console.aliyun.com

Malware Detected on Host

Count: 45 872b86df9efad5ec4220118ed1425dd843d8d31b9e2fd90721654c862a101623 b72156b012fa90507922bd3665ae5bc8ff394e758d30d6681b3d94457660dea5 ba9cb692700f6a58f8ea73288de2d02c905232ced515f4a9c90421face232ac4 b89abcaa731f73347d800ee604e284f295181189d17587bdd7faf362ee94a27a 698cb0f88a4ce246b818d69373b56d95b00d89a86a445a01ea0bdd1793815eb7 1dd44909f863aa5af7206f94c8f8b21140472358a73108eb591498b2e98757b6 f19a3aead330751cd12ea1905650fb89a0a55171107a731559c31032dc037b6e 18cde5e58434475c6485b2fc3ebe417080f34bc3972ba4ef548b883800f1a24e e930d1c1dd152faed79debbc8d8813b6b6d60fb8a81b1427e27aa7c5b4d0d6f9 e5e0017a8374f65e63d70191481b40c65b50938dc42cf598385c01c4e661c112

Open Ports Detected

1000 10000 10001 10134 102 1023 1024 1025 10250 1028 104 10443 10554 10909 10911 1099 11 110 11000 111 1111 11112 11210 11211 113 11300 11371 1153 1177 119 1200 12000 122 1234 12345 13 1311 1337 1344 13443 135 13579 1388 1400 14147 14265 143 1433 14344 1471 15 1521 1599 1604 16992 16993 17 17000 1723 1741 175 179 1801 18081 18245 1883 19 19000 1901 19071 1911 1926 1935 195 1962 2000 20000 2002 2008 2022 20256 2030 2050 2052 20547 2059 2061 2067 2081 2082 2083 2086 2087 2096 21 21025 2121 2126 21379 2154 2181 22 2200 2202 221 2222 22443 23 23023 2323 2332 23424 2345 2375 2376 2382 2404 2443 2455 2480 25 25001 25105 2549 2551 25565 2563 26 2602 2628 264 27015 27017 2761 2762 28015 28017 2806 28080 30002 30003 3001 3049 3050 3069 3094 3097 311 3110 3112 31337 3200 32400 3260 3268 3269 32764 3299 3301 3306 33060 3310 3388 3389 3400 35000 3541 3542 3551 3559 3560 3689 37 37215 3749 37777 3780 3790 389 3950 4000 4022 4040 4063 4064 4100 4118 4157 41800 4242 427 4282 43 4321 4369 44158 443 4430 4433 444 4443 4444 44818 4500 4505 4506 465 4664 4782 47990 48226 4840 4899 49 4911 49152 49153 4949 5000 50000 5001 5005 50050 5006 5007 50070 5009 5010 50100 502 5025 503 51106 51235 515 5172 5201 5222 5269 52869 53 54138 5432 5435 548 5494 5500 55000 554 55442 55443 555 55553 55554 5560 5593 5601 5607 5672 5801 5858 587 5900 5906 593 5938 5984 5985 5986 6000 60001 6001 6002 60030 6004 6007 6008 6009 6036 61613 61616 62078 631 636 6363 6379 6443 6590 6633 6650 6653 666 6664 6666 6667 6668 6697 70 7001 7005 7071 7080 7171 7218 7415 7433 7434 7443 7474 7547 7548 7634 771 7776 7779 789 79 7989 80 8001 8002 8009 8010 8030 8036 8042 8045 805 8060 8064 8066 8069 8080 8081 8083 8084 8085 8086 8087 8089 8096 8097 8098 8099 81 8101 8103 8105 8106 8112 8118 8126 8139 8140 8181 8184 82 8200 8248 8291 83 8333 8383 84 8401 8411 8423 8443 8500 8545 8554 8575 8649 8688 8728 873 8765 8784 8821 8834 8837 8838 8854 8876 888 8880 8889 8969 8990 9000 9001 9002 902 9024 9031 9040 9042 9045 9051 9082 9088 9090 9091 9092 9095 9098 9100 9105 9111 9151 9160 92 9200 9202 9210 9214 9216 9295 9306 9310 9418 943 9443 9530 9595 9600 9606 9633 9690 9761 9800 9869 9876 992 993 9943 9944 995 9981 999 9998 9999

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-20012 CVE-2016-3115 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-16905 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 CVE-2023-51767

Map

Whois Information

  • NetRange: 140.205.0.0 - 140.205.255.255
  • CIDR: 140.205.0.0/16
  • NetName: APNIC-ERX-140-205-0-0
  • NetHandle: NET-140-205-0-0-1
  • Parent: NET140 (NET-140-0-0-0-0)
  • NetType: Early Registrations, Transferred to APNIC
  • OriginAS:
  • Organization: Asia Pacific Network Information Centre (APNIC)
  • RegDate: 2010-11-03
  • Updated: 2010-11-17
  • Comment: This IP address range is not registered in the ARIN database.
  • Comment: This range was transferred to the APNIC Whois Database as
  • Comment: part of the ERX (Early Registration Transfer) project.
  • Comment: For details, refer to the APNIC Whois Database via
  • Comment:
  • Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
  • Comment: for the Asia Pacific region. APNIC does not operate networks
  • Comment: using this IP address range and is not able to investigate
  • Comment: spam or abuse reports relating to these addresses. For more
  • Ref: https://rdap.arin.net/registry/ip/140.205.0.0
  • OrgName: Asia Pacific Network Information Centre
  • OrgId: APNIC
  • Address: PO Box 3646
  • City: South Brisbane
  • StateProv: QLD
  • PostalCode: 4101
  • Country: AU
  • RegDate:
  • Updated: 2012-01-24
  • Ref: https://rdap.arin.net/registry/entity/APNIC
  • OrgTechHandle: AWC12-ARIN
  • OrgTechName: APNIC Whois Contact
  • OrgTechPhone: +61 7 3858 3188
  • OrgTechEmail: search-apnic-not-arin@apnic.net
  • OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • OrgAbuseHandle: AWC12-ARIN
  • OrgAbuseName: APNIC Whois Contact
  • OrgAbusePhone: +61 7 3858 3188
  • OrgAbuseEmail: search-apnic-not-arin@apnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • inetnum: 140.205.0.0 - 140.205.255.255
  • netname: Taobao
  • descr: Zhejiang Taobao Network Co.,Ltd
  • descr: 2nd floor, Westlake International technology Building
  • descr: 391Wener Road, Hangzhou, China
  • country: CN
  • admin-c: ZM678-AP
  • tech-c: ZM877-AP
  • tech-c: ZM876-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-irt: IRT-TAOBAO-CN
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • last-modified: 2023-11-28T00:57:06Z
  • irt: IRT-Taobao-CN
  • address: 2nd floor, Westlake International technology Building, 391 Wener Road, Hangzhou
  • e-mail: didong.jc@alibaba-inc.com
  • abuse-mailbox: didong.jc@alibaba-inc.com
  • admin-c: ZM877-AP
  • tech-c: ZM877-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-05T23:38:36Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: ipas@cnnic.cn
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: ipas@cnnic.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: Shuo Yu
  • address: 5F, Builing D, the West Lake International Plaza of S&T
  • address: No.391 Wen’er Road, Hangzhou City
  • address: Zhejiang, China, 310099
  • country: CN
  • phone: +86-0571-85022600
  • e-mail: anti-spam@list.alibaba-inc.com
  • nic-hdl: ZM678-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-04-13T23:21:57Z
  • person: security trouble
  • e-mail: yitian.gaoyt@alibaba-inc.com
  • address: Hangzhou, Zhejiang, China
  • phone: +86-0571-85022600
  • country: CN
  • mnt-by: MAINT-CNNIC-AP
  • nic-hdl: ZM876-AP
  • last-modified: 2021-04-13T23:22:33Z
  • person: Guowei Pan
  • address: 5F, Builing D, the West Lake International Plaza of S&T
  • address: No.391 Wen’er Road, Hangzhou City
  • address: Zhejiang, China, 310099
  • country: CN
  • phone: +86-0571-85022088-30763
  • fax-no: +86-0571-85022600
  • e-mail: guowei.pangw@alibaba-inc.com
  • nic-hdl: ZM877-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2013-07-09T01:34:02Z
  • route: 140.205.135.0/24
  • origin: AS37963
  • descr: China Internet Network Information Center
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2020-02-18T01:11:21Z
  • route: 140.205.135.0/24
  • origin: AS45102
  • descr: China Internet Network Information Center
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2020-02-18T01:13:49Z

Links to attack logs

****** ****** ******

Share on: