47.97.6.17 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 47.97.6.17. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Tags: awsindia, awsjap, brute force, bruteforce, cyber security, ioc, malicious, Nextray, phishing, redis, Scanner, scanning, smtp, ssh, tcp, Webattack

  • Country: China
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: redis
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, India, Japan, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

10000 10134 102 1023 104 1080 10909 1099 110 111 11210 11288 1153 1177 12345 13 1337 135 1388 1414 14147 14265 1433 1443 15 1515 1599 16464 17 175 179 18080 18081 18245 18553 1883 1911 195 1990 19930 20000 2002 2003 2008 2018 20256 20547 2083 2087 20880 21 21025 21379 2181 2222 2376 2404 2455 25565 2559 2560 2628 27015 2762 28015 30003 3001 30422 3050 30522 3055 30718 30722 3088 3098 3102 311 31443 31522 31822 32022 32400 32722 32764 3299 3306 33060 33222 33522 3389 34422 34522 34622 34722 3550 35622 36622 36922 37 37722 37777 3780 3792 38333 38522 389 4000 4063 4118 41222 4150 41522 4157 42022 42422 42522 427 43 43222 44158 4443 44722 44818 44822 44922 45022 4506 45222 45722 45822 465 46722 4786 48922 49 49322 49622 50000 5006 5009 50100 502 50522 50622 50722 51122 51222 51422 51443 515 5172 51822 5222 52222 52322 5269 53 53122 53522 53722 53922 5435 54722 548 54984 55000 55222 55322 5542 55554 55822 56022 56422 56522 56622 5672 56722 57122 57322 57422 57822 58522 5858 58622 58722 58822 58922 59022 5906 59322 5938 5986 6000 60001 6002 61613 61616 63210 63256 63257 63260 636 64295 6464 6633 6653 6666 6668 6697 70 7001 7071 7080 7218 7434 7443 7500 7548 79 8009 8020 8042 8081 8083 8085 8099 8126 8140 8181 8291 8333 8409 8419 8444 8446 8728 873 8733 8808 8812 8843 8880 8889 8935 9001 9028 9091 9092 9100 9302 9306 9333 9398 9444 9530 9600 9633 98 992 993 995 9998 9999

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-16905 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2024-6387

Whois Information

  • NetRange: 47.92.0.0 - 47.97.255.255
  • CIDR: 47.96.0.0/15, 47.92.0.0/14
  • NetName: APNIC
  • NetHandle: NET-47-92-0-0-1
  • Parent: NET47 (NET-47-0-0-0-0)
  • NetType: Early Registrations, Transferred to APNIC
  • OriginAS:
  • Organization: Asia Pacific Network Information Centre (APNIC)
  • RegDate: 2015-03-02
  • Updated: 2015-03-02
  • Ref: https://rdap.arin.net/registry/ip/47.92.0.0
  • OrgName: Asia Pacific Network Information Centre
  • OrgId: APNIC
  • Address: PO Box 3646
  • City: South Brisbane
  • StateProv: QLD
  • PostalCode: 4101
  • Country: AU
  • RegDate:
  • Updated: 2012-01-24
  • Ref: https://rdap.arin.net/registry/entity/APNIC
  • OrgTechHandle: AWC12-ARIN
  • OrgTechName: APNIC Whois Contact
  • OrgTechPhone: +61 7 3858 3188
  • OrgTechEmail: search-apnic-not-arin@apnic.net
  • OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • OrgAbuseHandle: AWC12-ARIN
  • OrgAbuseName: APNIC Whois Contact
  • OrgAbusePhone: +61 7 3858 3188
  • OrgAbuseEmail: search-apnic-not-arin@apnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • inetnum: 47.96.0.0 - 47.97.255.255
  • netname: ALISOFT
  • descr: Aliyun Computing Co., LTD
  • descr: 5F, Builing D, the West Lake International Plaza of S&T
  • descr: No.391 Wen’er Road, Hangzhou, Zhejiang, China, 310099
  • country: CN
  • admin-c: ZM1015-AP
  • tech-c: ZM877-AP
  • tech-c: ZM876-AP
  • tech-c: ZM875-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-irt: IRT-ALISOFT-CN
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • last-modified: 2023-11-28T00:58:18Z
  • irt: IRT-ALISOFT-CN
  • address: No.391 Wen’er Road, Hangzhou, Zhejiang, China, 310099
  • e-mail: didong.jc@alibaba-inc.com
  • abuse-mailbox: didong.jc@alibaba-inc.com
  • admin-c: ZM877-AP
  • tech-c: ZM877-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-05T23:38:36Z
  • role: ABUSE CNNICCN
  • country: ZZ
  • address: Beijing, China
  • phone: +000000000
  • e-mail: ipas@cnnic.cn
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: ipas@cnnic.cn
  • mnt-by: APNIC-ABUSE
  • last-modified: 2024-07-30T11:55:46Z
  • person: Li Jia
  • address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
  • country: CN
  • phone: +86-0571-85022088
  • e-mail: jiali.jl@alibaba-inc.com
  • nic-hdl: ZM1015-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2014-07-30T02:02:01Z
  • person: Guoxin Gao
  • address: 5F, Builing D, the West Lake International Plaza of S&T
  • address: No.391 Wen’er Road, Hangzhou City
  • address: Zhejiang, China, 310099
  • country: CN
  • phone: +86-0571-85022600
  • fax-no: +86-0571-85022600
  • e-mail: anti-spam@list.alibaba-inc.com
  • nic-hdl: ZM875-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2014-07-30T01:56:01Z
  • person: security trouble
  • e-mail: yitian.gaoyt@alibaba-inc.com
  • address: Hangzhou, Zhejiang, China
  • phone: +86-0571-85022600
  • country: CN
  • mnt-by: MAINT-CNNIC-AP
  • nic-hdl: ZM876-AP
  • last-modified: 2021-04-13T23:22:33Z
  • person: Guowei Pan
  • address: 5F, Builing D, the West Lake International Plaza of S&T
  • address: No.391 Wen’er Road, Hangzhou City
  • address: Zhejiang, China, 310099
  • country: CN
  • phone: +86-0571-85022088-30763
  • fax-no: +86-0571-85022600
  • e-mail: guowei.pangw@alibaba-inc.com
  • nic-hdl: ZM877-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2013-07-09T01:34:02Z
  • route: 47.96.0.0/15
  • descr: Aliyun Computing Co., LTD
  • country: CN
  • origin: AS37963
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-11-05T05:54:02Z

Links to attack logs

  • ******
  • awsindia-redis-bruteforce-ip-list-2022-03-30
  • awsjap-redis-bruteforce-ip-list-2022-04-02
  • awsjap-redis-bruteforce-ip-list-2022-03-18
  • awsjap-redis-bruteforce-ip-list-2022-03-20
  • ******
  • awsjap-redis-bruteforce-ip-list-2022-04-07
  • ******
