120.92.111.55 Threat Intelligence and Host Information

Share on:

General

This page contains threat intelligence information for the IPv4 address 120.92.111.55 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force, T1595 - Active Scanning
  • Tags: blacklist, botnet, brute force, Bruteforce, Brute-Force, cowrie, cyber security, dhcp, elasticsearch, ftp, imap, ioc, ldap, malicious, memcache, mssql, Nextray, ntp, oracle, phishing, postgres, qredis, scan, scanners, sip, sipvicious, smb, snmp, socks5, ssh, SSH, telnet, vnc, vultr

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: China
  • Network: AS59019 beijing kingsoft cloud internet technology co ltd
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

3000 8000 9876

CVEs Detected

CVE-2021-27358 CVE-2021-27962 CVE-2021-28147 CVE-2021-28148 CVE-2021-39226 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-31107 CVE-2022-31123 CVE-2022-31130 CVE-2022-35957 CVE-2022-36062 CVE-2022-39201 CVE-2022-39229 CVE-2022-39307 CVE-2022-39324 CVE-2023-0594 CVE-2023-3128 CVE-2023-33246 CVE-2023-37582

Map

Whois Information

  • inetnum: 120.92.0.0 - 120.92.239.255
  • netname: BJKSCNET
  • descr: Beijing Kingsoft Cloud Internet Technology Co., Ltd.
  • descr: Kingsoft Tower,No.33 Xiao Ying West Road,Haidian District,Beijing,China
  • country: CN
  • admin-c: ML1940-AP
  • tech-c: YW7099-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • mnt-irt: IRT-CNNIC-CN
  • last-modified: 2021-06-16T01:33:16Z
  • irt: IRT-CNNIC-CN
  • address: Beijing, China
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-06-16T01:39:57Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: Liming Huang
  • address: Kingsoft Tower,No.33 Xiao Ying West Road,Haidian District,Beijing,China
  • country: CN
  • phone: +86-13811219970
  • e-mail: [email protected]
  • nic-hdl: ML1940-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2013-06-18T01:36:01Z
  • person: Zhang Jian
  • address: Kingsoft Tower,No.33 Xiao Ying West Road,Haidian District,Beijing,China
  • country: CN
  • phone: +86-18600354960
  • e-mail: [email protected]
  • nic-hdl: YW7099-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2020-05-09T05:13:40Z
  • route: 120.92.0.0/17
  • descr: Beijing Kingsoft Cloud Internet Technology Co., Ltd.
  • descr: Kingsoft Tower,No.33 Xiao Ying West Road,Haidian District,Beijing,China
  • country: CN
  • origin: AS59019
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2015-08-17T09:10:01Z

Links to attack logs

digitaloceanfrankfurt-ssh-bruteforce-ip-list-2023-10-23 digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-02-17 ** ** ** vultrwarsaw-ssh-bruteforce-ip-list-2023-12-26 digitaloceansingapore-ssh-bruteforce-ip-list-2023-11-26 digitaloceansingapore-ssh-bruteforce-ip-list-2024-01-23 dolondon-ssh-bruteforce-ip-list-2022-06-20 dofrank-ssh-bruteforce-ip-list-2022-06-20 ** ** vultrparis-ssh-bruteforce-ip-list-2023-10-16 digitaloceansingapore-ssh-bruteforce-ip-list-2023-12-29 digitaloceantoronto-ssh-bruteforce-ip-list-2023-11-01