49.7.216.165 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 49.7.216.165 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (for example Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 65/100
Host and Network Information
- Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
- Tags: brute-force, bruteforce, Bruteforce, Brute-Force, cowrie, cyber security, ioc, malicious, Nextray, phishing, Scanner, scanning, smtp, ssh, SSH, tcp, Webattack
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: haley_ssh
- Country: China
- Network:
- Noticed: 39 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Open Ports Detected
10000 10001 10012 10040 10043 10047 1023 1024 10243 10250 1029 10477 10533 1080 1099 11000 11007 111 11101 11112 11211 11288 11300 11371 11434 1167 1188 12000 12152 12154 12161 12164 12172 12178 12179 12216 12245 12248 12259 12269 12310 12320 12351 12352 12360 12408 12416 12429 12449 12502 12503 12506 12515 12518 12523 12535 12539 12557 12559 12567 12590 1311 1387 1400 1414 14147 14406 1494 1500 1521 1557 1577 1599 16010 16036 16051 16067 16993 17000 17070 1741 17778 18020 18044 18060 18063 18072 18081 18095 18104 1883 19071 19082 1911 1925 1926 1935 1960 1962 2002 2003 2049 2051 2058 2081 2083 2086 2133 2154 22 2222 2332 2345 2375 2376 2379 2404 2443 2480 2554 2556 2626 2761 2762 3000 3001 3056 3100 3123 3125 3145 3171 3260 3268 3269 3299 3301 3306 3310 3333 3389 3530 3550 3551 3563 3689 4040 4063 4064 4118 4150 4242 4321 4369 4433 4443 4444 4451 4459 4500 4506 4530 4561 4567 4664 4786 4840 4911 4949 5000 5001 5006 5007 5009 5010 5025 5236 5256 5279 5357 5432 5494 5543 5555 5560 5601 5672 5698 5858 5901 5938 5984 5985 5989 5994 6000 6001 6080 6081 6379 6432 6440 6443 6503 6512 6653 6664 6667 6697 6887 7016 7018 7071 7171 7218 7434 7474 7547 7548 7657 7777 7779 8000 8001 8008 8009 8010 8038 8046 8073 8081 8083 8085 8086 8098 8104 8111 8119 8123 8128 8139 8181 8188 8200 8291 8427 8475 8514 8520 8533 8545 8558 8568 8575 8599 8649 8723 8728 8745 8782 8827 8834 8837 8859 8880 8883 8885 8886 8888 8890 8906 9000 9001 9002 9006 9012 9035 9042 9046 9078 9088 9091 9092 9100 9102 9125 9137 9142 9153 9156 9191 9200 9213 9221 9291 9295 9303 9307 9333 9399 9529 9530 9600 9761 9800 9869 9876 9898 9922 9926 9943 9992 9999
CVEs Detected
CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728
Whois Information
- inetnum: 49.7.0.0 - 49.7.255.255
- netname: BJTEL
- descr: ChinaTelecom Group Beijing Ltd,Co
- descr: No.21 Chaoyangmen Beidajie,Dongcheng District,Beijing
- country: CN
- admin-c: YZ2206-AP
- tech-c: HH1408-AP
- abuse-c: AC1601-AP
- status: ALLOCATED PORTABLE
- mnt-by: MAINT-CNNIC-AP
- mnt-irt: IRT-BJTEL-CN
- mnt-lower: MAINT-CNNIC-AP
- mnt-routes: MAINT-CNNIC-AP
- last-modified: 2023-11-28T00:58:18Z
- irt: IRT-BJTEL-CN
- address: No.21 Chaoyangmen Beidajie,Dongcheng District,Beijing
- e-mail: zhengym.bj@bjtelecom.cn
- abuse-mailbox: zhengym.bj@bjtelecom.cn
- admin-c: YZ63-AP
- tech-c: YZ63-AP
- mnt-by: MAINT-CNNIC-AP
- last-modified: 2025-11-18T00:35:07Z
- role: ABUSE CNNICCN
- country: ZZ
- address: Beijing, China
- phone: +000000000
- e-mail: ipas@cnnic.cn
- admin-c: IP50-AP
- tech-c: IP50-AP
- nic-hdl: AC1601-AP
- abuse-mailbox: ipas@cnnic.cn
- mnt-by: APNIC-ABUSE
- last-modified: 2025-09-19T17:20:32Z
- person: Hongtao Hou
- address: No.21 Chaoyangmen Beidajie,Dongcheng District,Beijing
- country: CN
- phone: +86-10-58503461
- e-mail: zhengym.bj@bjtelecom.cn
- nic-hdl: HH1408-AP
- mnt-by: MAINT-CNNIC-AP
- last-modified: 2021-05-21T00:32:34Z
- person: Yiming Zheng
- address: No.21 Chaoyangmen Beidajie,Dongcheng District,Beijing
- country: CN
- phone: +86-10-58503461
- fax-no: +86-10-58503054
- e-mail: 13370163461@189.cn
- nic-hdl: YZ2206-AP
- mnt-by: MAINT-CNNIC-AP
- last-modified: 2015-09-22T02:54:01Z
Links to attack logs
- bruteforce-ip-list-2022-06-16