107.155.56.91 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 107.155.56.91. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 65/100

Host and Network Information

  • View other sources: Spamhaus, VirusTotal, Shodan, AbuseIPDB
  • Country: US
  • Network: [***CVE-2021-36368***](https://jamesbrine.com.au/CVE-2021-36368)
  • Noticed: 9 times
  • Protocols Attacked: ssh
  • Countries Attacked: Poland, Sweden, United States of America
  • Tor Node: No

Tags

  • badrequest
  • bruteforce
  • Bruteforce
  • Brute-Force
  • cowrie
  • info
  • malicious
  • notice
  • portscan
  • probing
  • scanning
  • sftp
  • ssh
  • SSH
  • webscan
  • webscanner
  • webscanner bruteforce web app attack

MITRE ATT&CK TTPs

  • T1078 - Valid Accounts
  • T1083 - File and Directory Discovery
  • T1098.004 - SSH Authorized Keys
  • T1105 - Ingress Tool Transfer
  • T1110.004 - Credential Stuffing
  • T1110 - Brute Force

Associated CVEs

  • CVE-2007-2768

Whois Information

  • NetRange: 107.155.0.0 - 107.155.63.255
  • CIDR: 107.155.0.0/18
  • NetName: ZL-NET-002
  • NetHandle: NET-107-155-0-0-1
  • Parent: NET107 (NET-107-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS21859
  • Organization: Zenlayer Inc (ZENLA-7)
  • RegDate: 2013-12-12
  • Updated: 2018-01-12
  • Ref: https://rdap.arin.net/registry/ip/107.155.0.0

  • OrgName: Zenlayer Inc
  • OrgId: ZENLA-7
  • Address: 21680 Gateway Center Dr. Suite 350
  • City: Diamond Bar
  • StateProv: CA
  • PostalCode: 91765
  • Country: US
  • RegDate: 2017-12-27
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/ZENLA-7

  • OrgTechHandle: LIYAN11-ARIN
  • OrgTechName: Li, Yang
  • OrgTechPhone: +1-626-412-0833
  • OrgTechEmail: GlobalNetworkOperationsCenter@zenlayer.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/LIYAN11-ARIN

  • OrgTechHandle: ZENLA2-ARIN
  • OrgTechName: Zenlayer GNOC
  • OrgTechPhone: +1-909-718-3558
  • OrgTechEmail: gfs-gnoc@zenlayer.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/ZENLA2-ARIN

  • OrgTechHandle: IPADM641-ARIN
  • OrgTechName: IP ADMIN
  • OrgTechPhone: +1-909-718-3558
  • OrgTechEmail: ipadmin@zenlayer.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPADM641-ARIN

  • OrgAbuseHandle: SOCOP-ARIN
  • OrgAbuseName: SOC Ops
  • OrgAbusePhone: +1-909-718-3558
  • OrgAbuseEmail: abuse@zenlayer.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/SOCOP-ARIN

  • OrgNOCHandle: IPADM641-ARIN
  • OrgNOCName: IP ADMIN
  • OrgNOCPhone: +1-909-718-3558
  • OrgNOCEmail: ipadmin@zenlayer.com
  • OrgNOCRef: https://rdap.arin.net/registry/entity/IPADM641-ARIN

  • NetRange: 107.155.56.0 - 107.155.57.255
  • CIDR: 107.155.56.0/23
  • NetName: ZL-TYO-UCLOUD-0047
  • NetHandle: NET-107-155-56-0-1
  • Parent: ZL-NET-002 (NET-107-155-0-0-1)
  • NetType: Reassigned
  • OriginAS: AS135377
  • Organization: UCLOUD (UCLOU-1)
  • RegDate: 2019-03-05
  • Updated: 2019-03-05
  • Comment: Abuse please contact:unoc@ucloud.cn ,unom@ucloud.cn,hegui@ucloud.cn
  • Ref: https://rdap.arin.net/registry/ip/107.155.56.0

  • OrgName: UCLOUD
  • OrgId: UCLOU-1
  • Address: FLAT/RM 603 6/ FLAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD KL
  • City: Hong Kong
  • StateProv:
  • PostalCode:
  • Country: HK
  • RegDate: 2019-02-28
  • Updated: 2019-02-28
  • Ref: https://rdap.arin.net/registry/entity/UCLOU-1

  • OrgTechHandle: IAU2-ARIN
  • OrgTechName: IP ABUSE Ucloud
  • OrgTechPhone: +86 17721465033
  • OrgTechEmail: unoc@ucloud.cn
  • OrgTechRef: https://rdap.arin.net/registry/entity/IAU2-ARIN

  • OrgAbuseHandle: IAU2-ARIN
  • OrgAbuseName: IP ABUSE Ucloud
  • OrgAbusePhone: +86 17721465033
  • OrgAbuseEmail: unoc@ucloud.cn
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/IAU2-ARIN

  • OrgTechHandle: IAU2-ARIN
  • OrgTechName: IP ABUSE Ucloud
  • OrgTechPhone: +86 17721465033
  • OrgTechEmail: hegui@ucloud.cn
  • OrgTechRef: https://rdap.arin.net/registry/entity/IAU2-ARIN

  • OrgAbuseHandle: IAU2-ARIN
  • OrgAbuseName: IP ABUSE Ucloud
  • OrgAbusePhone: +86 17721465033
  • OrgAbuseEmail: hegui@ucloud.cn
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/IAU2-ARIN