27.2.1.15 Threat Intelligence and Host Information

Jul 07, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 27.2.1.15 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 75/100

Host and Network Information

Mitre ATT&CK IDs: T1001.001 - Junk Data, T1001.002 - Steganography, T1001.003 - Protocol Impersonation, T1003.001 - LSASS Memory, T1003.004 - LSA Secrets, T1003.005 - Cached Domain Credentials, T1003 - OS Credential Dumping, T1018 - Remote System Discovery, T1021.006 - Windows Remote Management, T1021 - Remote Services, T1025 - Data from Removable Media, T1026 - Multiband Communication, T1027 - Obfuscated Files or Information, T1055.002 - Portable Executable Injection, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1140 - Deobfuscate/Decode Files or Information, T1404 - Exploit OS Vulnerability, T1445 - Abuse of iOS Enterprise App Signing Key, T1543 - Create or Modify System Process, T1560 - Archive Collected Data, T1562.004 - Disable or Modify System Firewall, T1562 - Impair Defenses, T1564 - Hide Artifacts
Tags: 194 Green Street, abstract may, abstract must, access, account, addcharset, adddescription, addhandler, addiconbytype, addlanguage, addlanguage da, addlanguage pl, address, addtype, advanced server, a facility, agreement, aiff, airport, Aishah Lazim, Aishah Siti Lazim, alias, alias error, aliases, alias icons, allocation, allow, allowoverride, allow server, almost, amos gouaux, apache, apache http, apache version, apple, apple computer, april, arch, arch x8664, argus, aris, arrange, array, ascii, as expressly, assistant, attcertpath, attribute, auditing, authkey, authtype, authtype digest, authuserfile, auto exit, automountdenv, automounter map, auxiliary, auxiliary may, auxiliary must, base dcexample, bashno, bashrematch, basic system, bcgjnuwz, begin, berkeley, beware, blank, body, broadcast, browsermatch, bsm event, bugs, calendar, ca message, canonical, catalan, category, cfbasichash, cfrunloop, cfrunloopmode, change, chaos, charset, Chelsea Manning Help Me, cisco, claim, class, clocal mode, coast, code, co llective, collective, column, commcenter, common setup, computername, config, configure, contribution, contributor, contributors, control access, copyright, corba, corba object, corporation, cosine pilot, cottbus, crunch, crypt, cups, cups scheduler, customlog, cybernetic, cyber security, cyrus, d0 j, daemondirectory, daniel quinlan, data, date, davlockdb, davupload admin, default, defaultlanguage, default require, default user, define, definitions, deliver mail, deref, d esc, de sc, des c, desc, desc account, desc mount, desc password, desc pool, description, devnull, dict, directory, directory forum, directoryindex, documentroot, domain, dovecot, duas, dynamic group, email, empty, encapsulation, english, entry, environment, equal ity, equality, error, errordocument, errorhttp, errorlog, etcbashrc, etcirbrcloaded, europe, every, example, extendedstatus, facility, fallback, false, fancyindexed, fancyindexing, fcodes, file, file format, files, filesystems, filters while, first, fixed speed, flags, force, form, format, formats, for production, freebsd, freeze, full, function, general, generic, germany, get home, get information, greekmodern, greg roelofs, group database, group lp, groups, group value, guest, guid, gzip, headerchecks, high, histfile, histfilesize, history file, histtimeformat, hold, home autohome, host, host database, hosts, html, http, Human Subjects, iana, icmp, id key, ifdefine, ifmodule, ignore, include, indexes, indexignore, inetorgperson, info, inpck, integer, internet, internetdrafts, ioc, ipnetmasknumber, ipv4, ipv6, ipv6 host, isis, isp mail, jabber, java, java class, java object, jndi, jndi reference, kame, kdc schema, keepalive, kerberos, kerberos v, kernel, kind, korean, ldap, ldap defaults, ldap directory, ldap entry, ldap server, ldif, level, level error, level info, license, limit, line, linus walleij, list, listen, loadfile c, loadmodule, local, localnetbootdir, localonly, location, lpadmin, lutz jaenicke, magic, mail, mail backend, mail delivery, mail returned, main, major, make bash, maker, malicious, manlocale, manpager, manpath, manpath optman, manual, many, matches, matches for, matches user, match syntax, maxhistsize, maximum number, maxsparethreads, maybe, may contain, may description, message, message mc, message secure, message sep, microsoft, mime, mime type, minimal, minrate500, minsparethreads, modern smtp, monitoring, mount, mpms, multi, multitouchhid, music, must, must contain, mx host, myvar, name, name leaf, name managedby, netboot, netbootmount, netbootshadow, netinfo, netinfo preset, netinfo rpcs, netlicense, netscape, networkd, networkonly, networkup, Nextray, nnnbaud, no group, note, not recommended, nroff, number, objectclass, obsolete, ocsp stapling, oid base, old example, oncrpcnumber, only, openbsm, openbsm kernel, open directory, opendirectoryd, openldap, openldap note, openldaporg, openldapou, openldaproot, openssl, openssl package, openssl project, options indexes, order, order deny, or even, outlook, owner, parenb istrip, parity, pass, pass8, passwd, password policy, path, pathbin, pc entry, person, phishing, pidfile, pipe wall, pkcs, please, plist, polish, posix, post, postfix, postfix dsn, postfix master, postfix pipe, postfix queue, postfix scsd, postfix smtp, postfix version, postscript, prior, prng, prod, product x, program, project, promptcommand, promptmode, protocol, provide access, proxyhtmllinks, prunedirs, prunepaths, ps1h, public license, purpose, quality, quantum, ranlib, readline, readme files, recent cyrus, recipient, redirect mail, redistribution, refer, reject, reject empty, relocated, remember that, removed, removetype tr, replace user, reply, report, require, requireany, require host, require user, reserved, restrict, restrict access, result format, r etcbashrc, returnpath via, rfc1274, rfc2252, rfc2307, rfc2798, RNA molecule, rolesyntax, rpcs number, rpcsrc, rsvp, rule, rules, sample, s checkwinsize, schema, schema mapping, searchpaths, secsrvr, sender, server, server admin, serveradmin, servername, serverroot, serversignature, service, session, set command, sethandler, setup, shall not, shell, shellsessiondir, signeddata, singlevalue, size, sizelimit, smime, smtp, smtp server, solaris, solaris auemac, solaris kernel, solaris umount, spaces, specification, specify, springboard, ssl engine, sslrandomseed, sslrequire, sslsessioncache, ssltls standard, start, startservers, state, status mailfrom, store, structural, structural may, structural must, subclass of, substr caseigno, sunnet manager, sup container, sup ipsecbase, sup name, sup person, supported, sup rpcentry, switch, synconclose no, synopsis, syntax, system, systype, tables, tcpip, technology, tell, term, terminal, termprogram, the program, this, thread, threadid, threadsperchild, threadstacksize, tiff, tiger, time, timelimit, timeout, tmpdir, t option, traditionally, transport, triad, troff, true, turkish, uncomment, unicode, unix, unix password, update, uri ldap, use directory, use of, userdir, userdir sites, usereventagent, usergroup, user lp, user unknown, usrbinsudo, usrsbin, usrsbinnetbiosd, uucp, vartmp, verbose end, versionsort, virtual, virtual alias, virtualhost, virtualhost 80, vpn socket, w3c html, waiting, warn, wave, webdav, whatispager, wietse venema, wimplicit, win32, windows, with syntax, write, xhtml xht, xlam, xlc xlt, xlm xla, xlsb, xlsm, xltm, yourincludepath, z7 z8
View other sources: Spamhaus VirusTotal
Contained within other IP sets: blocklist_net_ua, coinbl_hosts_browser, haley_ssh, hphosts_emd, lashback_ubl, nullsecure, stopforumspam_180d, stopforumspam_365d, tor_exits_30d

Country: Vietnam
Network:
Noticed: 31 times
Protocols Attacked: Anonymous Proxy
Countries Attacked: Bahrain, Canada, Czechia, Denmark, Estonia, France, Germany, India, Israel, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Map

Whois Information

inetnum: 27.2.0.0 - 27.3.255.255
netname: SCTV-VN
descr: SaiGon Tourist Cable Television
descr: 31 -33 Dinh Cong Trang str, Tan Dinh Ward, Dist 1. HCMC
country: VN
admin-c: NHV3-AP
tech-c: CHH14-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-VN-VNNIC
mnt-irt: IRT-VNNIC-AP
mnt-lower: MAINT-VN-VNNIC
mnt-routes: MAINT-VN-VNNIC
last-modified: 2015-12-01T22:32:53Z
irt: IRT-VNNIC-AP
address: Ha Noi, VietNam
phone: +84-24-35564944
fax-no: +84-24-37821462
e-mail: hm-changed@vnnic.vn
abuse-mailbox: hm-changed@vnnic.vn
admin-c: NTTT1-AP
tech-c: NTTT1-AP
mnt-by: MAINT-VN-VNNIC
last-modified: 2017-11-08T09:40:06Z
person: Chau Hoang Huy
nic-hdl: CHH14-AP
e-mail: huy.ch@sctv.com.vn
address: SaigonTourist Cable Television Company (SCTV)
address: 31-33 Dinh Cong Trang Str, Dist 1, HCMC
phone: +84-838-205605
fax-no: +84-838-205705
country: VN
mnt-by: maint-vn-vnnic
last-modified: 2009-02-06T08:44:45Z
person: Nguyen Hoang Vinh
nic-hdl: NHV3-AP
e-mail: vinh.nh@sctv.com.vn
address: SaigonTourist Cable Television Company (SCTV)
address: 31-33 Dinh Cong Trang Str, Dist 1, HCMC
phone: +84-838-205605
fax-no: +84-838-205705
country: VN
mnt-by: maint-vn-vnnic
last-modified: 2009-02-06T08:40:43Z
route: 27.2.1.0/24
descr: SCTV-VN
origin: AS45543
mnt-by: MAINT-VN-VNNIC
last-modified: 2022-04-12T07:43:00Z

Links to attack logs

Share on: