Active Threat • CRITICAL
121.40.44.5
Country of Origin🇨🇳 China
First Detection12/31/2025
Last Activity3/27/2026
ISPHangzhou Alibaba Advertising Co.,Ltd.
🎯
223
Total Attacks
🔌
40
Ports
📡
6
Attack Types
🦠
1
Malware
Geolocation
- Country
- 🇨🇳 China
- City
- Hangzhou
- ASN
- AS37963
- ISP
- Hangzhou Alibaba Advertising Co.,Ltd.
Attack Types
ssh_telnet_honeypot
voip_honeypot
elasticsearch_honeypot
malware_capture
web_honeypot
tcp_trap
Attacked Ports
212223808144510571060110018812021202222522253369144215060750180278211+20
Associated Malware
Attempted Credentials
🔐Call-ID: 50000/CSeq: 42 OPTIONS
1x🔐Contact: <sip:ad@ba>/Accept: application/sdp
1x🔐Max-Forwards: 70/Content-Length: 0
1x🔐b'0\x84\x00\x00\x00-\x02\x01\x07c\x84\x00\x00\x00$\x04\x00'/
1x🔐OPTIONS / HTTP/1.0/(empty)
1x🔐GET /temp%20files%2C/Def%61ult.txt%2etxt HTTP/1.0/(empty)
1x🔐GET / HTTP/1.0/(empty)
1x🔐OPTIONS / RTSP/1.0/(empty)
1x🔐From: <sip:ad@ba>;tag=root/To: <sip:ad3@ba1>
1x🔐OPTIONS sip:ks SIP/2.0/Via: SIP/2.0/TCP ks;branch=foo
1xShodan InternetDB ExposureShodan
InternetDB data, not real-time
Ports
1719235395104119221264311389465503513548554636853873943992109911191177123413441414144314551515
Vulnerabilities
CVE-2019-6111CVE-2021-41617CVE-2023-38408CVE-2023-51385CVE-2019-6110CVE-2025-23419CVE-2016-20012CVE-2019-16905CVE-2020-15778CVE-2019-6109CVE-2021-36368CVE-2023-48795CVE-2023-51767CVE-2018-15919CVE-2008-3844CVE-2025-32728CVE-2024-6387CVE-2020-14145CVE-2007-2768CVE-2023-44487
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:f5:nginx:1.22.1cpe:/a:openbsd:openssh:7.9cpe:/a:openbsd:openssh:7.4cpe:/a:realvnc:realvnc:::enterprisecpe:/o:hp:hp-uxcpe:/a:openbsd:openssh:7.5cpe:/a:mysql:mysql:5.7.44-logcpe:/a:openbsd:openssh:8.2p1cpe:/a:openbsd:openssh:8.6cpe:/a:openbsd:openssh:6.6.1cpe:/a:openbsd:openssh:X.Xcpe:/o:microsoft:windows
Risk Assessment
90
/100
LowMediumHighCritical