117.18.13.173 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 117.18.13.173 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: brute force, Bruteforce, Brute-Force, ssh, SSH

  • View other sources: Spamhaus VirusTotal

  • Country: Hong Kong
  • Network: AS64050 bgpnet global asn
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Australia
  • Passive DNS Results:

Open Ports Detected

123 22 443 80

CVEs Detected

CVE-2018-16845 CVE-2019-20372 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 CVE-2021-23017 CVE-2021-3618

Whois Information

  • inetnum: 117.18.13.0 - 117.18.13.255
  • netname: MEGA-II
  • descr: MEGA-II IDC
  • country: HK
  • admin-c: DA179-AP
  • tech-c: DA179-AP
  • abuse-c: AS2098-AP
  • status: ALLOCATED NON-PORTABLE
  • mnt-by: MAINT-HK-SUN
  • mnt-irt: IRT-SUN-HK
  • last-modified: 2020-05-17T23:03:53Z
  • irt: IRT-SUN-HK
  • address: MEGA-II IDC
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: DA179-AP
  • tech-c: DA179-AP
  • mnt-by: MAINT-HK-SNW
  • last-modified: 2023-05-11T06:45:09Z
  • role: ABUSE SUNHK
  • address: MEGA-II IDC
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: DA179-AP
  • tech-c: DA179-AP
  • nic-hdl: AS2098-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2023-05-11T06:51:55Z
  • person: DNS Administrator
  • nic-hdl: DA179-AP
  • e-mail: [email protected]
  • address: SHA TIN
  • phone: +852-2135-9374
  • country: HK
  • mnt-by: MAINT-HK-SNW
  • abuse-mailbox: [email protected]
  • last-modified: 2020-05-17T14:55:38Z

Links to attack logs

digitaloceantoronto-ssh-bruteforce-ip-list-2023-10-03