119.23.110.193

Summary (Bottom Line Up Front)

Malicious activity detected from 119.23.110.193 (CN, AS37963). 20371 events observed across SSH, TCP, TCP/SYN, TLS. AI verdict: NOISE.

Activity Timeline
INITIAL REPORT 2026-04-26T08:27:41Z
Source: Analyst Manual Entry
Technical details
Protocols: SSH, TCP, TCP/SYN, TLS
Attack types: EXPLOIT, PROTO_ABUSE
Unique destination ports: 1
Active window: 2026-04-25 19:32:19.989781 to 2026-04-26 09:37:41.328671
Top patterns: ssh_exploit_banner, suricata_sid_2210044, suricata_sid_2403469
IOCs
IP: 119.23.110.193
ASN: 37963
COUNTRY: CN
Recommendations
  • Block 119.23.110.193 at perimeter firewall
  • Monitor other traffic from AS37963
  • Review correlated attacker profiles for campaign links