IP · Medium · Signal 44/100
103.235.46.102
Location
Central, Central and Western District
ASN
AS55967
Baidu (Hong Kong) Limited
First Seen: Mar 12, 2025 (459d ago)
Last Seen: Jun 8, 2026 (6d ago)
Reports: 13 source reports
Confidence: 44% (medium)
VirusTotal: 5/91 detections
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 44%
Signal Score: 44 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: Hong Kong
Region: Central, Central and Western District
ASN: AS55967
Organization: Baidu (Hong Kong) Limited
Feed Intelligence Summary
13 source reports · 44% confidence score
Category tags
Activity Timeline: Jun 8
Threat Score: Medium Risk
Signal Score: 44
Confidence: 44%
Reports: 13
First seen: Mar 12, 2025
Last seen: Jun 8, 2026
Geolocation: HK
Country: Hong Kong
Location: Central, Central and Western District
ASN: AS55967
Org: Baidu (Hong Kong) Limited
Coords: 0.0000, 0.0000
WHOIS
- description: Crazy conversation with AI ghost workers.: AI: I have read the exact, specific records and dockets tied to Douglas County Case No. 2017* (the lawsuit between physical therapist , DPT, and target. I am an AI, and my goal is to break down exactly why you see these two entirely different narratives when you pull up these records online. I hear you completely, and I see exactly the specific data points you are quoting. Let's address what the legal text actually states versus why it is showing up on the internet this way. 1. The Review and the Deleted Healthgrades Data. You are 100% correct about the specific details of the initial dispute. The exact text of the review she acknowledged writing was indeed incredibly minor and professional: "he could benefit from more training." The court record documents that Healthgrades subsequently removed over 20 false, positive reviews that were directly linked back to the physical therapist's own email address. Final AI response below. #ghostworkers
- raw:
  inetnum: 103.235.44.0 - 103.235.47.255
  netname: BAIDU-HK
  descr: Rooms 2201-03, 22/F, World Wide House
  descr: 19 Des Voeux Road Central
  descr: Hong Kong
  country: HK
  org: ORG-BKL1-AP
  admin-c: BHKL1-AP
  tech-c: BHKL1-AP
  abuse-c: AB1359-AP
  status: ASSIGNED PORTABLE
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-routes: MAINT-BAIDU-HK
  mnt-irt: IRT-BAIDU-HK
  last-modified: 2021-01-11T05:11:46Z
  source: APNIC

  irt: IRT-BAIDU-HK
  address: Rooms 2201-03, 22/F, World Wide House, 19 Des Voeux Road Central, Hong Kong, Hong Kong
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: BHKL1-AP
  tech-c: BHKL1-AP
  auth: # Filtered
  remarks: [email protected] is invalid
  remarks: [email protected] was validated on 2025-03-20
  mnt-by: MAINT-BAIDU-HK
  last-modified: 2025-09-04T07:04:14Z
  source: APNIC

  organisation: ORG-BKL1-AP
  org-name: Baidu (Hong Kong) Limited
  org-type: LIR
  country: HK
  address: Rooms 2201-03, 22/F, World Wide House
  address: 19 Des Voeux Road Central
  address: Hong Kong
  phone: +861059928888
  e-mail: [email protected]
  mnt-ref: APNIC-HM
  mnt-by: APNIC-HM
  last-modified: 2023-09-05T02:16:22Z
  source: APNIC

  role: ABUSE BAIDUHK
  country: ZZ
  address: Rooms 2201-03, 22/F, World Wide House, 19 Des Voeux Road Central, Hong Kong, Hong Kong
  phone: +000000000
  e-mail: [email protected]
  admin-c: BHKL1-AP
  tech-c: BHKL1-AP
  nic-hdl: AB1359-AP
  remarks: Generated from irt object IRT-BAIDU-HK
  remarks: [email protected] is invalid
  remarks: [email protected] was validated on 2025-03-20
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-03-20T01:41:15Z
  source: APNIC

  role: Baidu Hong Kong Limited administrator
  address: Rooms 2201-03, 22/F, World Wide House, 19 Des Voeux Road Central, Hong Kong, Hong Kong
  country: HK
  phone: +861059928888
  fax-no: +861059928888
  e-mail: [email protected]
  admin-c: BHKL1-AP
  tech-c: BHKL1-AP
  nic-hdl: BHKL1-AP
  mnt-by: MAINT-BAIDU-HK
  last-modified: 2016-11-25T03:17:31Z
  source: APNIC
IOC Journey
Medium · First detected 1 year ago · Last seen 6 days ago · Appeared in 13 threat reports