27.157.236.192 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 27.157.236.192. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 57/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: Bruteforce, Brute-Force, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, SSH

  • Country: China
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

10000 10045 10065 10083 10100 11288 11300 11481 11596 11680 12109 12110 12111 12124 12127 12133 12135 12145 12148 12151 12155 12157 12160 12167 12173 12176 12181 12182 12205 12218 12225 12229 12249 12258 12263 12266 12274 12279 12293 123 12301 12307 12324 12337 12345 12347 12351 12360 12361 12372 12373 12383 12386 12390 12393 12400 12405 12423 12426 12434 12446 12450 12458 12461 12462 12473 12474 12481 12482 12490 12501 12506 12514 12515 12516 12532 12534 12571 12573 12615 13128 14024 14082 14130 14147 14265 14344 14402 14404 14523 14873 14894 15001 15006 15018 15042 15151 15588 22 8888 8889

Whois Information

  • inetnum: 27.157.192.0 - 27.157.255.255
  • netname: NANPING-MAN-NP-FJ
  • descr: Nanping MAN
  • descr: Fujian Province
  • country: CN
  • admin-c: CA67-AP
  • tech-c: CA67-AP
  • abuse-c: AC1600-AP
  • status: ASSIGNED NON-PORTABLE
  • mnt-by: MAINT-CHINANET-FJ
  • mnt-irt: IRT-CHINANET-FJ
  • last-modified: 2022-01-12T13:12:24Z
  • irt: IRT-CHINANET-FJ
  • address: no.7,dongjie road,fuzhou,fujian,china
  • e-mail: fjnic@fjdcb.fz.fj.cn
  • abuse-mailbox: fjnic@fjdcb.fz.fj.cn
  • admin-c: CA67-AP
  • tech-c: CA67-AP
  • mnt-by: MAINT-CHINANET-FJ
  • last-modified: 2025-04-30T07:13:16Z
  • role: ABUSE CHINANETFJ
  • country: ZZ
  • address: no.7,dongjie road,fuzhou,fujian,china
  • phone: +000000000
  • e-mail: fjnic@fjdcb.fz.fj.cn
  • admin-c: CA67-AP
  • tech-c: CA67-AP
  • nic-hdl: AC1600-AP
  • abuse-mailbox: fjnic@fjdcb.fz.fj.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2025-04-30T07:13:41Z
  • role: CHINANETFJ IP ADMIN
  • address: 7,East Street,Fuzhou,Fujian,PRC
  • country: CN
  • phone: +86-591-83309761
  • fax-no: +86-591-83371954
  • e-mail: fjnic@fjdcb.fz.fj.cn
  • admin-c: FH71-AP
  • tech-c: FH71-AP
  • nic-hdl: CA67-AP
  • notify: fjnic@fjdcb.fz.fj.cn
  • mnt-by: MAINT-CHINANET-FJ
  • last-modified: 2011-12-06T00:10:50Z

Links to attack logs

vultrmadrid-ssh-bruteforce-ip-list-2023-06-04 vultrmadrid-ssh-bruteforce-ip-list-2023-06-05 ****** vultrmadrid-ssh-bruteforce-ip-list-2023-06-03 ****** ******