222.186.64.89 Threat Intelligence and Host Information

Aug 25, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 222.186.64.89 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Tags: attack, badrequest, blacklist, botnet, bruteforce, http, login, Malicious IP, mirai, port 23, port 80, portscan, probing, scan, scanner, scanning, SSH, tcp, tcp/23, tcp/80, telnet, Telnet, webscan, webscanner, webscanner bruteforce web app attack

  • View other sources: Spamhaus VirusTotal

  • Country: China
  • Network: AS4134 chinanet
  • Noticed: 18 times
  • Protocols Attacked: telnet
  • Countries Attacked: Poland, United States of America
  • Passive DNS Results: xinbatiyuguan.com jkb.xinbatiyuguan.com jka.xinbatiyuguan.com

Malware Detected on Host

Count: 7 a47883bfe6096bbd470dfe77dcce2edb346ecee8798d4a3e518248ad860d89e4 a4760e75235f524790134f54fe2fbcbc500864706119d7723a6cffe7582b6fdb 2083ecd53708828bba71a164b24e1d985305479cea3f1772d4a063a624feee4d 425730732ea1e5a586adda0d8730a13557f861f15d174aea25d7c88624c49a23 ee8133e651b68d9afa5ed007f889d8cc9810227f341a44810718fa5c98090f76 6285b279d228c745d292646169b5740ef6b6cd5647783c1d017b1af4030d73d6 b2e8bf0b0fb9c0e408e69cf32b99c2e72f43d9b8fee6776e7286fe0755505293

Open Ports Detected

111 4369 55443 5672 61613 61616 6379 7080 8009 8111 8139 8140 9876

CVEs Detected

CVE-2019-11291 CVE-2021-22116 CVE-2021-32718 CVE-2021-32719 CVE-2022-31008 CVE-2023-46118

Map

Whois Information

  • inetnum: 222.186.64.80 - 222.186.64.95
  • netname: ZHENJIANG-XIANGRONG-ELECTRIC-CO
  • descr: jiangsu yangzhong xiangrong ELECTRIC CORP
  • descr: Zhenjiang City
  • descr: Jiangsu Province
  • country: CN
  • admin-c: CH447-AP
  • tech-c: CH447-AP
  • status: ASSIGNED NON-PORTABLE
  • mnt-by: MAINT-CHINANET-JS
  • mnt-lower: MAINT-CHINANET-JS-ZJ
  • last-modified: 2010-07-22T01:10:05Z
  • person: chinanet-js-zj hostmaster
  • address: No.18,Dianli Road,Zhenjiang 212007
  • country: CN
  • phone: +86-511-5235035
  • fax-no: +86-511-5239877
  • e-mail: ipzj@pub.zj.jsinfo.net
  • nic-hdl: CH447-AP
  • mnt-by: MAINT-CHINANET-JS-ZJ
  • last-modified: 2008-09-04T07:29:59Z

Links to attack logs

vultrwarsaw-telnet-bruteforce-ip-list-2024-08-08 vultrmadrid-telnet-bruteforce-ip-list-2024-08-10

Share on: