42.236.74.142 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 42.236.74.142. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus, VirusTotal

  • Country: China
  • Network: AS4837 china unicom china169 backbone
  • Noticed: 1 time
  • Protocols Attacked: mssql
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: kf.fengchijs.online cr1.crmservices.space kf2.fengchijs.online update.lsyr.net www.lsyr.net lsyr.net

Malware Detected on Host

Count: 6

Open Ports Detected

11000 443 80

Whois Information

  • inetnum: 42.224.0.0 - 42.239.255.255
  • netname: UNICOM-HA
  • descr: China Unicom Henan province network
  • descr: China Unicom
  • descr: No.21,JiN-Rong Street,
  • descr: Beijing 100033
  • country: CN
  • admin-c: CH1302-AP
  • tech-c: WW444-AP
  • mnt-by: APNIC-HM
  • mnt-lower: MAINT-CNCGROUP-HA
  • mnt-routes: MAINT-CNCGROUP-RR
  • mnt-irt: IRT-CU-CN
  • status: ALLOCATED PORTABLE
  • last-modified: 2016-05-04T00:29:00Z
  • irt: IRT-CU-CN
  • address: No.21,Financial Street
  • address: Beijing,100033
  • address: P.R.China
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: CH1302-AP
  • tech-c: CH1302-AP
  • mnt-by: MAINT-CNCGROUP
  • last-modified: 2023-10-21T03:27:35Z
  • person: ChinaUnicom Hostmaster
  • nic-hdl: CH1302-AP
  • e-mail: [email protected]
  • address: No.21,Jin-Rong Street
  • address: Beijing,100033
  • address: P.R.China
  • phone: +86-10-66259764
  • fax-no: +86-10-66259764
  • country: CN
  • mnt-by: MAINT-CNCGROUP
  • last-modified: 2017-08-17T06:13:16Z
  • person: Wei Wang
  • nic-hdl: WW444-AP
  • e-mail: [email protected]
  • phone: +86-371-65952358
  • fax-no: +86-371-65968952
  • country: CN
  • mnt-by: MAINT-CNCGROUP-HA
  • last-modified: 2010-03-05T08:20:01Z
  • route: 42.224.0.0/12
  • descr: China Unicom Henan Province Network
  • country: CN
  • origin: AS4837
  • mnt-by: MAINT-CNCGROUP-RR
  • last-modified: 2011-03-02T05:24:03Z

Links to attack logs

awsau-mssql-bruteforce-ip-list-2021-11-07 dolondon-mssql-bruteforce-ip-list-2021-10-26