154.85.60.150 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 154.85.60.150 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

• Mitre ATT&CK IDs: T1041 - Exfiltration Over C2 Channel, T1059.001 - PowerShell, T1072 - Software Deployment Tools, T1110.001 - Password Guessing, T1110.002 - Password Cracking, T1110.003 - Password Spraying, T1110.004 - Credential Stuffing, T1590.004 - Network Topology, T1590.005 - IP Addresses, T1595.001 - Scanning IP Blocks, T1595.002 - Vulnerability Scanning

• Tags: akamaias, akamaiasn1, amazon02, as15169, as16509, as20940, as3359, as8075, as852, cuba, facebook, geoip, ghost, google, indonesia, level3, Malicious, media, mexico, mini, proton, public url, seznam, telecom, twitter, ukraine, win32, win64

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 7 times
• Protocols Attacked: SSH
• Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Indonesia, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: xn–gwrz8ilqn.xn–fiqs8s xn–35zx7g.xn–io0a7i boim.com.cn shushi.com 5341rvu6ba8o2tgbmcfj.yhdg.cn xn–9cs80cz87a.xn–fiqs8s nextidc.com zhuotuo.cn 092u.com exmb1.locallife.com nixuan.cn yiwanli.com.cn gn-art.com www.yiwanli.com.cn nongtantan.com cvcgf.com.cn zhuizhua.com shangjiyun.com zhuigai.com shine.gfyholdings.com 69dj.net xn–4pvy2aw77h.xn–fiqs8s iflowcli.com.cn qgenergy.com www.daibei.com.cn daibei.com.cn xn–fiqs8s1msdtax50aewj5pi.com nivikell.com damaiwang.info www.meetix.com shaonian.cc hqxs.com www.hengjie.cc www.hqxs.com 111pg.cn www.bais.com.cn houshayu.com jhjingcai.cn www.lanartisan.com.cn aishangche.cn hengjie.cc qhdok.cn www.innexus.cn www.fjairport.cn innexus.cn fjairport.cn holink.cn bais.com.cn hengzeng.cn www.111pg.cn www.hengzeng.cn www.houshayu.com www.jhjingcai.cn lanartisan.com.cn www.aishangche.cn tbc.vip www.qhdok.cn axpay.com.cn www.axpay.com.cn www.holink.cn tcd.vip tcj.vip tbx.vip tcz.vip www.dorjepam.com app.xn–ehvu3ai8y.com jsairport.cn www.jsairport.cn jianghun.cn www.didifood.com.cn connection.com.cn www.connection.com.cn www.jianghun.cn globalchain.com.cn www.globalchain.com.cn saveus.com.cn www.ruicun.cn www.m4u.cn m4u.cn micro-chip.info www.chacuo.cn chacuo.cn www.saveus.com.cn ruicun.cn lobe.cn fangcunjian.com buyer-api.locallife.com www.labvirtual.locallife.com dilltoken.com www.attshow.com kast.cn anunyan.com jiankangafu.com orientne.com xn–uis47l9y5a.xn–fiqs8s www.mail6.locallife.com www.lingege.com lingege.com huoshi88.com v1.locallife.com gzcs.com.cn grapeai.com.cn ex2019.locallife.com yisouche.com opdim.com limitwilderness.com binglang.com.cn aibusiness.com.cn doodly.com.cn jinandex.com.cn pinduoduo.co pashui.cc www.pashui.cc www.dai3.cn www.zhouyibagua.com www.zyi.cn www.chepin.net www.longart.com.cn www.hfjt.com.cn www.uugay.com domain.souya.cn www.zhenshihao.com www.zhehui.cn www.iqihuo.com 8031.cc ruben.com.cn sco-db.cn manzano.com.cn 50689874.cc quzhaoche.com gitlab.xn–ehvu3ai8y.com syndeio.com.cn agentics.net.cn java.bj.cn yuantiangang.cn gl999.net fr.ylevacase.com antchaintrust.com.cn unisunrobotics.com agentinfra.com.cn www.mayixinghe.com haohangweilai.xn–fiqs8s damaient.com.cn yunxiuchangshi.cn codion.com.cn lycheeken.com extec.cn pallatom.com jdjoyinside.com help.locallife.com coatgleam.com vistjs.com py.vistjs.com duwang.com.cn www.pubuai.com www.haomabang.com www.3dyanjing.com kgmholdings.com starsatel.cn shenlanhua.com.cn bblam.cn zhiengine.com www.zhiengine.com xfm.vip big888.cc www.eairobots.com antring.cn dibiaozuiqiang.com.cn lecoflin.cn gvq20fq70ps9.cc hjhtc.cn hhyk.cn held.cn hn315.cn gzet.cn gyyun.cn hnte.cn gqzp.cn gggmv.cn gksp.cn gwmm.cn henhh.cn frzp.cn gqtek.cn gjtec.cn glmai.cn dumg.cn ebjt.cn fwap.cn dqai.cn fjol.cn decom.cn heyha.cn devan.cn daen.cn hhqh.cn danq.cn cwip.cn hgtek.cn cycd.cn chnq.cn crog.cn cwkg.cn dadai.cn biku.cn cekg.cn flop.cn brgj.cn btjp.cn bkpj.cn bowx.cn eega.cn bdtec.cn aiots.cn aimag.cn afrc.cn 88lv.cn aaadn.cn 6821.cn 52wn.cn a40.cn bnei.cn 86ws.cn bydf.cn bakun.cn uwk5p.hjfcb.cn www.uwk5p.hjfcb.cn agaigets.info www.desktopstudent.locallife.com deufine.com www.membresiacinepoliswww.locallife.com yfk.vip ygg.vip yff.vip ygk.vip yhp.vip yfb.vip yhz.vip hujuu.cn www.hujuu.cn de.ylevacase.com 0095.cc ytc.vip ytd.vip ytk.vip ysd.vip kyodoled.com mgf.vip whdex.com.cn world-model.info xunyixun.com tianchiai.com vnchip.cn xn–bqst37b.xn–fiqs8s www.feidiao.com.cn citicpru.cn tengliang.cn heao.cn feidiao.com.cn www.heao.cn www.aacfe.cn www.tengliang.cn www.smartavatars.cn www.mianhu.cn www.citicpru.cn mianhu.cn smartavatars.cn aacfe.cn 3pefangfuguan.cn 01067.com gspay.cn guangduan.com.cn www.qvtech.cn zunchen.cn www.gspay.cn meishangmei.cn www.gongmang.cn www.guangduan.com.cn qvtech.cn gongmang.cn www.meishangmei.cn www.zunchen.cn spatialworld.cn www.medica.com.cn www.spatialworld.cn medica.com.cn www.solarsystem.cn www.syep.com.cn www.zrai.com.cn solarsystem.cn zrai.com.cn syep.com.cn wemedtech.cn www.wemedtech.cn lishinan.cn www.aidesk.com.cn www.lishinan.cn aidesk.com.cn www.visionflow.cn visionflow.cn www.mexico999.com www.russia6.com www.singapore9.com www.25gaming.com www.65gaming.com www.hongtaizq.com www.19gaming.com www.16gaming.com www.31gaming.com www.monaco5.com www.singapore5.com www.thailand9.com www.philippines88.com www.dongbisai.com cseco.com.cn www.stephencurry.com.cn loveable.cn www.cseco.com.cn www.loveable.cn www.365juego.com nyxcm.cn www.nyxcm.cn www.70gaming.com www.anxiaobao.cn anxiaobao.cn stephencurry.com.cn www.jogo52.com www.97gaming.com acebios.cn vibevoice.cn westablecoin.cn tanga-shop.info www.sdctd.cn www.huodongbao.cn makeable.com.cn www.lepar.cn www.maimaia.cn sdctd.cn lepar.cn www.makeable.com.cn maimaia.cn huodongbao.cn www.stiv.com.cn stiv.com.cn hsyf.cn www.hsyf.cn www.wlab.com.cn www.shuangnong.cn gbacapital.cn wlzf.cn www.wlzf.cn www.gbacapital.cn shuangnong.cn skyrmion.cn www.cdkglobal.cn cdkglobal.cn k4a.cn www.harmonyplus.cn www.skyrmion.cn nicegroup.cn www.k4a.cn www.nicegroup.cn harmonyplus.cn www.buydirect.cn www.songmeiling.cn buydirect.cn songmeiling.cn xn–2js.cn www.xn--2js.cn www.yiliaoshi.com shangshiquan.com www.shangshiquan.com reallight.cn www.lvgem.com.cn hospitalplus.cn www.reallight.cn ittraining.cn www.atyou.net.cn www.gansubank.com.cn lvgem.com.cn jxex.com.cn www.jxex.com.cn www.ittraining.cn atyou.net.cn gansubank.com.cn www.hospitalplus.cn www.fanah.cn curryshoes.cn www.axfpay.com salubrismed.cn hyfoss.com.cn www.langcha.com langcha.com xn–krw9l.cn www.miaoha.com miaoha.com jiaoshilm.com www.lrg.vip www.pinganre.com lrg.vip ksn.vip hpr.vip bengrou.com www.7pys.com 7pys.com eniigme.club slzb235.cc www.slzb235.cc www.vowoasis.com vowoasis.com xn–q35au2i.xn–fiqs8s www.amti.com cguardian.cn xn–fyx.xn–fiqs8s livisos.com zlykfw.cn ccgrass.com.cn lssai.com www.lssai.com 2097.cc rd.locallife.com shophb.cn dexcelrobotics.cn access.locallife.com imap2.locallife.com mingyunbanji.cn xn–w4ru9qpw6a.xn–fiqs8s www.wap.wunetspend.com qr.kundun.cn 606909.com larn.com 656123.com www.pay.locallife.com u.diangao.com www.vpn.metroestyling.com www.haoqh.com haoqh.com www.haologo.com www.haolianmeng.com www.f8o.com yungongxin.com wencheche.com 6gfm.com www.hanabank.com.cn hanabank.com.cn www.acc.dtaconnec.com www.ef002e17-dd9e-45d1-9c03-2c7ec175d5fc.scanhealyhplan.com muyunze.com.cn 95353.com citrix.locallife.com palirad.com oneaix.cn workflow.aarpcrditcard.com aombzkiskuwww.locallife.com www.eb19.aarpcrditcard.com www.notexistsdev.paramountheathcare.com new.gaurdanthealth.com bzyncw.q6.cn nfh.vip bowh.com.cn decorematrix.cn www.remoteapp.londepot.com sierda.com aiwanwen.com mcsecmo.com www.visual.wunetspend.com googleait.com 51zisha.cn www.gongkaoquan.com gongkaoquan.com chd.vip workspace.locallife.com www.webmail.prebellecosmetics.com cnagent.com.cn www.qimaoduanju.cn www.qa.arthrtiskneepain.com www.auth.pernellecosmetics.com www.share.carbofootprint.com o-c.cc www.argo.myaarpplan.com silversmith.cn remote.prebellecosmetics.com www.store.btisnc.com www.client.myaarpplan.com www.metrics.condominiumassociate.com aligou.cn www.aligou.cn www.fe469504-d23d-4a2d-b01e-c62f25282901.arthrtiskneepain.com www.api.prestodirct.com cisapp.summerphc.com yunhuiyi.com www.yunhuiyi.com www.pay.sboot.cn 96e6bd01-c87d-4fd2-a20b-c30705a7624b.imetzu.com www.bi.kansascitsteaks.com mayixinghe.com mphlks012.store www.doucong.com api.pointsrewardspius.com www.redash.loanadministratin.com

Malware Detected on Host

Count: 57 bfc3713ba77e19a3b5c46f9ee3bfd361bad6591993509bf2ab705730a049eb1b 23f944897fc4a7e561f76d98ee8d59548589096f1eedb0307f8419735f9737c6 af7dac0b75e6b802c0c4fa5d59b0be9077bf417ad796af9202c94c9f44addaf2 40053fafa834b6f46d3570c9b5ba8bf06e5bcdc037a98fa4a10b605ac81975aa 26fc34a87887eae06992782b7de9056542aa6cb769a11cff0bb44498a3c51df7 924213e2dd0b4ad820dbf3910891989369a8be0beed32ca70048acc814c04e0b 5e934b2482284f1c550616980e42e77b117ad75b2c2f0c2052aad0e3153bf330 1986b219d00c12c43fe6ad6fd693bb31a90e1d51c8cd4df529f40ada17e25875 75f2bae6386fccb0ea85ad247f29dd0b56fc5856bbabdda5f8ee52f3f6a77a01 ae306c43432223f40d3421f571f583dcd48a6df8f7fccfc0b23a6072cccdaf78

Open Ports Detected

22 80

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Map

Whois Information

• inetnum: 154.85.60.0 - 154.85.60.255
• netname: Beijing_Baidu_Netcom_Science_and_Technology_Co_Ltd
• descr: Beijing Baidu Netcom Science and Technology Co., Ltd.
• country: SG
• admin-c: CIS1-AFRINIC
• tech-c: CIS1-AFRINIC
• status: ASSIGNED PA
• mnt-by: CIL1-MNT
• mnt-by: LARUS-SERVICE-MNT
• parent: 154.80.0.0 - 154.95.255.255
• person: Cloud Innovation Support
• address: Ebene
• address: MU
• address: Mahe
• address: Seychelles
• phone: tel:+248-4-610-795
• nic-hdl: CIS1-AFRINIC
• abuse-mailbox: abuse@cloudinnovation.org
• mnt-by: CIL1-MNT