121.126.37.211 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 121.126.37.211. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, Scanner, Telnet, Webattack, attack, brute-force, bruteforce, cowrie, cyber security, fail2ban, ioc, login, malicious, phishing, scanner, scanning, smtp, ssh, tcp, tsec

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: South Korea
  • Network: AS4766 Korea Telecom
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

80

CVEs Detected

CVE-1999-0450 CVE-2000-0071 CVE-2000-0246 CVE-2000-0258 CVE-2000-0304 CVE-2000-0408 CVE-2000-0413 CVE-2000-0457 CVE-2000-0630 CVE-2000-0631 CVE-2000-0649 CVE-2000-0746 CVE-2000-0770 CVE-2000-0778 CVE-2000-0884 CVE-2000-0886 CVE-2000-0951 CVE-2000-0970 CVE-2000-1104 CVE-2001-0004 CVE-2001-0096 CVE-2001-0146 CVE-2001-0151 CVE-2001-0506 CVE-2001-0507 CVE-2001-0508 CVE-2001-0544 CVE-2001-0902 CVE-2001-1186 CVE-2001-1243 CVE-2002-0071 CVE-2002-0072 CVE-2002-0073 CVE-2002-0074 CVE-2002-0075 CVE-2002-0079 CVE-2002-0147 CVE-2002-0148 CVE-2002-0149 CVE-2002-0150 CVE-2002-0224 CVE-2002-0364 CVE-2002-0419 CVE-2002-0422 CVE-2002-0862 CVE-2002-0869 CVE-2002-1180 CVE-2002-1181 CVE-2002-1182 CVE-2002-1694 CVE-2002-1695 CVE-2002-1700 CVE-2002-1744 CVE-2002-1745 CVE-2002-1790 CVE-2002-1908 CVE-2003-0223 CVE-2003-0224 CVE-2003-0225 CVE-2003-0226 CVE-2003-0718 CVE-2003-1566 CVE-2003-1567 CVE-2005-2089 CVE-2005-2678 CVE-2006-0026 CVE-2007-2815 CVE-2008-0074 CVE-2008-1446 CVE-2009-1122 CVE-2009-2521 CVE-2009-4444 CVE-2009-4445 CVE-2011-5279

Whois Information

  • inetnum: 121.126.0.0 - 121.126.255.255
  • netname: HAIONNET
  • descr: HAIonNet
  • admin-c: IM851-AP
  • tech-c: IM851-AP
  • country: KR
  • status: ALLOCATED PORTABLE
  • mnt-by: MNT-KRNIC-AP
  • mnt-irt: IRT-KRNIC-KR
  • last-modified: 2017-02-02T02:44:02Z
  • irt: IRT-KRNIC-KR
  • address: Jeollanam-do Naju-si Jinheung-gil
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IM574-AP
  • tech-c: IM574-AP
  • mnt-by: MNT-KRNIC-AP
  • last-modified: 2021-06-15T06:21:49Z
  • person: IP Manager
  • address: Seoul Guro-gu Digital-ro
  • country: KR
  • phone: +82-2-3281-3456
  • e-mail: [email protected]
  • nic-hdl: IM851-AP
  • mnt-by: MNT-KRNIC-AP
  • last-modified: 2021-11-16T08:20:03Z
  • inetnum: 121.126.0.0 - 121.126.255.255
  • netname: HAIONNET-KR
  • descr: HAIonNet
  • country: KR
  • admin-c: HP88-KR
  • tech-c: HP88-KR
  • status: ALLOCATED PORTABLE
  • mnt-by: MNT-KRNIC-AP
  • mnt-irt: IRT-KRNIC-KR
  • changed: [email protected]
  • person: IP Manager
  • address: Seoul Guro-gu Digital-ro
  • address: DaeRyungPostTower 1Cha 1105
  • country: KR
  • phone: +82-2-3281-3456
  • e-mail: [email protected]
  • nic-hdl: HP88-KR
  • mnt-by: MNT-KRNIC-AP
  • changed: [email protected]

Links to attack logs

vultrparis-ssh-bruteforce-ip-list-2023-06-30