222.186.134.52 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 222.186.134.52. It was generated either as a result of observed malicious activity or as an information-gathering exercise to help enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks behind the address.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Tags: Nextray, UK Based, awsau, bruteforce, cyber security, ioc, ip monitor, malicious, mysql, nmap, phishing, port-scan, tsec
  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network: AS4134 chinanet
  • Noticed: 9 times
  • Protocols Attacked: mysql
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: wxdl.xiaozhongwenhua.top ymarz.com bbs.ymarz.com www.ymarz.com user.xiaozhongwenhua.top open.xiaozhongwenhua.top nmquan.demo.9ok.co spx.xiaozhongwenhua.top www.9ok.co mm.laowangz.top world.xiaozhongwenhua.top jianchat.demo.9ok.co sp.xiaozhongwenhua.top huoma.demo.9ok.co app.xiaozhongwenhua.top icloud.laowangz.top img.0op.cn appx.9ok.co

Malware Detected on Host

Count: 13

Open Ports Detected

443 5985 7001 80 888

CVEs Detected

CVE-2006-20001 CVE-2015-9253 CVE-2017-7272 CVE-2017-7963 CVE-2018-19395 CVE-2018-19396 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9641 CVE-2022-2097 CVE-2022-31628 CVE-2022-31629 CVE-2022-36760 CVE-2022-37436 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-25690 CVE-2023-27522

Whois Information

  • inetnum: 222.184.0.0 - 222.191.255.255
  • netname: CHINANET-JS
  • descr: CHINANET jiangsu province network
  • descr: China Telecom
  • descr: A12,Xin-Jie-Kou-Wai Street
  • descr: Beijing 100088
  • country: CN
  • admin-c: CH93-AP
  • tech-c: CJ186-AP
  • abuse-c: AC1573-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: APNIC-HM
  • mnt-lower: MAINT-CHINANET-JS
  • mnt-routes: MAINT-CHINANET-JS
  • mnt-irt: IRT-CHINANET-CN
  • last-modified: 2021-06-15T08:06:34Z
  • irt: IRT-CHINANET-CN
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: CH93-AP
  • tech-c: CH93-AP
  • mnt-by: MAINT-CHINANET
  • last-modified: 2022-02-14T07:13:12Z
  • role: ABUSE CHINANETCN
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: CH93-AP
  • tech-c: CH93-AP
  • nic-hdl: AC1573-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2022-02-14T07:14:09Z
  • role: CHINANET JIANGSU
  • address: 260 Zhongyang Road,Nanjing 210037
  • country: CN
  • phone: +86-25-87799222
  • e-mail: [email protected]
  • admin-c: CH360-AP
  • tech-c: CS306-AP
  • tech-c: CN142-AP
  • nic-hdl: CJ186-AP
  • notify: [email protected]
  • mnt-by: MAINT-CHINANET-JS
  • last-modified: 2022-08-05T15:34:47Z
  • person: Chinanet Hostmaster
  • nic-hdl: CH93-AP
  • e-mail: [email protected]
  • address: No.31 ,jingrong street,beijing
  • address: 100032
  • phone: +86-10-58501724
  • fax-no: +86-10-58501724
  • country: CN
  • mnt-by: MAINT-CHINANET
  • last-modified: 2022-02-28T06:53:44Z

Links to attack logs

awsau-mysql-bruteforce-ip-list-2022-03-11 nmap-scanning-list-2022-03-11