154.91.226.83 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 154.91.226.83. It was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the host resides.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: brute force, Bruteforce, Brute-Force, cowrie, scanners, ssh, SSH, vultr

  • View other sources: Spamhaus, VirusTotal

  • Country: Hong Kong
  • Network: AS139646 hong kong megalayer technology co. limited
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Australia, Poland
  • Passive DNS Results: 8z4p9x5o.top 5jskf63u.top 9x0nm284.top xrhwt502.top j6ysc06a.top 7ukoi8ka.top b7joyfgq.top acrusbi6.top n5a8byoy.top 9mysylbd.top s38kn6h8.top tfrvv3bi.top 376dk82u.top voijq3ci.top 69x9yuzv.top a5z7wpus.top otofd94f.top m76gyp00.top 5f4gvq4s.top zy6kz6vh.top ye2fifkf.top r1ykl5x8.top vujgy9qk.top gpwc5i6m.top rpsou4mc.top roed2v1y.top slo6z4dj.top x2cpoe7e.top d10y202l.top 3mw9hdmw.top hat3tybo.top xn--ciqg63b71bf8zdhax81bgpa091mym4b.com ce9c6ifi.top tmoppey6.top txhlort.top d9ng9pv.top 99bvhvz5.top atxbn995.top 0vfxjf8t.top 8mltb6h.top b48y242.top slqc4f9.top gv4tsqw.top jw1tiyp.top 8foemlp.top ngnk1hp.top 19zrhf4.top 16ropjl.top 8snw7yi.top yc5sihs.top jzzgqr1.top nbnobhq.top csqnzo6.top y4qxf0b.top es1p1kn.top x8umyoo.top g9ac50v.top b7ezci7.top oak576c.top 332jnwk.top xn--fiq54bd1d73jkpiolah42jg57a.com cbg9lvr.top jmjcpn6.top d18a3xg.top 2nhghy4.top um9k7o5.top y3j0ljm.top 7si2s59.top 5ly5tad.top v4ns9n4.top d6v3dvr.top c25y42a.top zmfgik.top tiks1kb.top pv06ry.top xn--fiq54b382avhah34dttsrshk56b.com xn--ciqg63b71bu2g8ozknao59b.com xn--ciqg63b71bu2g8ozknao59b7g6b.com xn--gmqx1au77ashmcvj0olssv9ex.com knmajij.top oonuxz.top znhefl.top fbamyu.top 6l6wc4.top hfh38e.top bnxceg.top 5h5ai8.top 6scs9z.top oj9nyn.top rzzs78.top 2x5vi2.top vcheah.top 9h2vxv.top co3ey5.top bkquyw.top 5ryt8w.top r5vi1j.top mpnmlo.top xn--vhqrb50a71bv2g7ozlnaw62fn81djq0a.com 226pe3.top gj6v6w.top uqs32a.top knpmyi.top rfviox.top ytwzge.top jrrea9.top owagl1.top qi068v.top ca7wte.top om0zlu.top 7dpwsj8v.top skbf6n29.top pncowjj4.top xn--fiq3mp3ae17brja2xv65dmsdl93blt0a5d3a.com i0nord6z.top xqwckerz.top 1clj1u.top gv3pwd.top s48k6e.top fwqp06.top uvk99k.top fl9vif.top fn6kyc.top v2ighh.top a14bsw.top wk5um.top gvvce.top cr4ln.top i2ep8.top 8ckzo.top 6imz6.top mmbiw.pw iggbh.pw hlulo.pw xn--fiq54b382avhap13hhbgryik56b.com egxyc.pw pldnv.pw qlatz.pw hygvx.pw yfyfb.pw xn--fiq54bc2qbrgrjaw1q11dyx0h.com xn--fiqq24b3zq2me28enub339bgfo.com xn--vuq60izxex2lw0vvrb.com dayca.pw lxmen.pw www.pbccrc.org.cn.lxmen.pw iidpy.pw www.pbccrc.org.cn.iidpy.pw

Open Ports Detected

22 3000 443 80

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408

Whois Information

  • inetnum: 154.91.226.0 - 154.91.226.255
  • netname: HONG_KONG_MEGALAYER_TECHNOLOGY_CO_LIMITED
  • descr: HONG KONG MEGALAYER TECHNOLOGY CO., LIMITED
  • country: HK
  • admin-c: CIS1-AFRINIC
  • tech-c: CIS1-AFRINIC
  • status: ASSIGNED PA
  • mnt-by: CIL1-MNT
  • mnt-by: LARUS-SERVICE-MNT
  • parent: 154.80.0.0 - 154.95.255.255
  • person: Cloud Innovation Support
  • address: Ebene
  • address: MU
  • address: Mahe
  • address: Seychelles
  • phone: tel:+248-4-610-795
  • nic-hdl: CIS1-AFRINIC
  • abuse-mailbox: [email protected]
  • mnt-by: CIL1-MNT
  • route: 154.91.226.0/23
  • descr: HONG KONG MEGALAYER TECHNOLOGY CO., LIMITED
  • origin: AS139646
  • mnt-by: LARUS-SERVICE-MNT

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2023-11-19