IP address


47.94.166.190
Tags:
OTX pulses
[66d826f2f61254f51a48bbe7] 2024-09-04 09:22:57.362000 | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
Author name: AlienVault
Pulse modified: 2024-09-04 09:22:57.362000
Indicator created: 2024-09-04 09:22:59
Indicator role: None
Indicator title:
Indicator expiration: 2024-10-04 09:00:00
Origin AS
AS37963 - CNNIC-ALIBABA-CN-NET-AP
BGP Prefix
47.94.0.0/15
geo
China, Beijing
🕑 Asia/Shanghai
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
47.92.0.0 - 47.95.255.255
last_activity
2024-09-04 12:04:18.203000
reserved_range
0
Shodan's InternetDB
Open ports: 11, 13, 17, 19, 21, 23, 24, 51, 53, 70, 79, 80, 83, 87, 102, 104, 110, 111, 113, 119, 122, 135, 143, 179, 221, 389, 427, 449, 502, 503, 515, 548, 587, 593, 631, 771, 789, 801, 873, 902, 995, 1023, 1153, 1177, 1200, 1337, 1414, 1433, 1515, 1521, 1599, 1800, 1880, 1901, 1911, 1926, 1950, 1962, 2000, 2002, 2058, 2077, 2079, 2081, 2087, 2121, 2126, 2181, 2222, 2245, 2259, 2323, 2332, 2345, 2375, 2404, 2455, 2547, 2553, 2568, 2628, 2647, 2761, 2762, 3001, 3050, 3053, 3055, 3067, 3076, 3090, 3107, 3108, 3119, 3299, 3301, 3310, 3337, 3388, 3405, 3443, 3503, 3522, 3551, 3558, 3561, 3749, 3780, 3790, 3794, 3951, 4000, 4040, 4063, 4157, 4242, 4282, 4369, 4433, 4434, 4443, 4444, 4506, 4545, 4700, 4734, 4786, 4840, 4899, 4995, 5001, 5004, 5006, 5201, 5222, 5269, 5560, 5608, 5672, 5697, 5858, 5907, 5909, 5910, 5938, 5986, 6000, 6363, 6379, 6543, 6633, 6653, 6662, 6666, 6668, 6748, 6789, 6887, 7001, 7070, 7218, 7415, 7443, 7548, 7557, 7989, 8001, 8002, 8007, 8009, 8011, 8014, 8016, 8023, 8027, 8032, 8036, 8039, 8052, 8056, 8066, 8069, 8081, 8085, 8087, 8089, 8091, 8099, 8100, 8126, 8139, 8180, 8184, 8200, 8252, 8291, 8333, 8384, 8409, 8414, 8421, 8448, 8500, 8545, 8554, 8621, 8649, 8733, 8815, 8834, 8849, 8860, 8865, 8866, 8868, 8874, 8879, 8880, 8881, 9001, 9004, 9016, 9038, 9039, 9042, 9043, 9049, 9051, 9070, 9091, 9095, 9106, 9151, 9160, 9191, 9212, 9221, 9251, 9295, 9300, 9306, 9398, 9530, 9595, 9633, 9761, 9876, 9940, 9998, 10000, 10001, 10134, 10250, 10554, 10911, 11000, 11210, 11211, 11300, 11434, 12000, 12348, 12767, 14147, 14344, 16670, 17000, 18081, 18245, 18443, 18553, 19000, 19200, 19305, 20256, 21025, 22000, 22021, 22069, 22070, 24442, 24567, 25001, 25565, 28015, 28080, 31337, 31443, 33060, 33445, 35000, 37215, 37777, 39929, 41800, 42113, 44158, 44818, 50000, 50100, 51235, 54138, 55000, 55443, 60010, 60129, 61613, 61616, 62078, 62200, 62357, 63210, 63256, 63257
Tags: honeypot
CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:7.4, cpe:/a:openbsd:openssh, cpe:/o:hp:hp-ux, cpe:/a:openbsd:openssh:5.3, cpe:/a:f5:nginx, cpe:/a:openbsd:openssh:8.6, cpe:/a:postfix:postfix, cpe:/a:openbsd:openssh:6.6.1, cpe:/o:microsoft:qotd::::en, cpe:/a:openbsd:openssh:7.5, cpe:/o:microsoft:windows, cpe:/a:apache:subversion, cpe:/a:openbsd:openssh:7.6p1, cpe:/a:eset:nod32_antivirus:99
ts_added
2024-09-04 12:04:21.186000
ts_last_update
2024-10-31 12:04:31.014000
