180.76.120.150 Threat Intelligence and Host Information

Share on:
Apr 18, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, cowrie, cyber security, ioc, malicious, phishing, scanners, ssh, vultr

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network: AS38365 beijing baidu netcom science and technology co. ltd.
  • Noticed: 14 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 4 8797227b72405b7680b08341496274396b29cdec99f0c8b38c21cb086870e084 9e729b51792664bf40f50cf8c74c5eca555fbdbe7949a6a079252a05cce9df00 58b1edfa1e363dd9c799530a58a9da875f968b80df4ed48e2b6e187bf5483a9c 58b1edfa1e363dd9c799530a58a9da875f968b80df4ed48e2b6e187bf5483a9c

Open Ports Detected

22

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-28531

Map

Whois Information

  • inetnum: 180.76.0.0 - 180.76.255.255
  • netname: Baidu
  • descr: Beijing Baidu Netcom Science and Technology Co., Ltd.
  • descr: Baidu Plaza, No.10, Shangdi 10th street,
  • descr: Haidian District Beijing,100080
  • country: CN
  • admin-c: ZYK12-AP
  • tech-c: ZYK12-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • mnt-irt: IRT-CNNIC-CN
  • last-modified: 2021-06-16T01:32:42Z
  • irt: IRT-CNNIC-CN
  • address: Beijing, China
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-06-16T01:39:57Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: Zhang Yukun
  • address: No.6 2nd North Street Haidian District Beijing
  • country: CN
  • phone: +86-18601350601
  • e-mail: [email protected]
  • nic-hdl: ZYK12-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2022-03-10T03:16:02Z
  • route: 180.76.64.0/18
  • descr: Baidu
  • country: CN
  • origin: AS38365
  • notify: [email protected]
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2017-12-21T02:20:14Z
  • route: 180.76.64.0/18
  • descr: Baidu
  • country: CN
  • origin: AS55967
  • notify: [email protected]
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2017-12-21T02:20:19Z

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2022-06-28