154.83.12.89 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 154.83.12.89. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 51/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: Bruteforce, Brute-Force, cowrie, ssh, SSH

  • View other sources: Spamhaus VirusTotal

  • Country: Hong Kong
  • Network:
  • Noticed: 3 times
  • Protocols Attacked: ssh
  • Passive DNS Results:

Open Ports Detected

137 3389 5985

Whois Information

  • inetnum: 154.83.12.0 - 154.83.12.255
  • netname: Yisu_Cloud_Ltd
  • descr: Yisu Cloud Ltd
  • country: HK
  • admin-c: CIS1-AFRINIC
  • tech-c: CIS1-AFRINIC
  • status: ASSIGNED PA
  • mnt-by: CIL1-MNT
  • mnt-by: LARUS-SERVICE-MNT
  • parent: 154.80.0.0 - 154.95.255.255
  • person: Cloud Innovation Support
  • address: Ebene
  • address: MU
  • address: Mahe
  • address: Seychelles
  • phone: tel:+248-4-610-795
  • nic-hdl: CIS1-AFRINIC
  • abuse-mailbox: abuse@cloudinnovation.org
  • mnt-by: CIL1-MNT
  • route: 154.83.12.0/24
  • descr: Yisu Cloud Ltd
  • origin: AS142403
  • mnt-by: LARUS-SERVICE-MNT

Links to attack logs

****** digitaloceansingapore-ssh-bruteforce-ip-list-2025-02-01
