182.254.149.130 Threat Intelligence and Host Information

Share on:
Apr 19, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Known Malicious Host 🔴 75/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, Scanner, Webattack, brute force, brute-force, bruteforce, cowrie, cyber security, ioc, last update, malicious, phishing, scanning, smtp, ssh, tcp, unique count, windows server
  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, haley_ssh

  • Country: China
  • Network: AS45090 shenzhen tencent computer systems company limited
  • Noticed: 50 times
  • Protcols Attacked: SSH
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: bzkt.haixuanyun.com 163wkt.com epnew.hx-college.com old.hx-college.com

Open Ports Detected

21 443 888

CVEs Detected

CVE-2018-19935 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11044 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-13224 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2020-7059 CVE-2020-7060 CVE-2020-7061 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454

Map

Whois Information

  • inetnum: 182.254.128.0 - 182.254.255.255
  • netname: TencentCloud
  • descr: Tencent cloud computing (Beijing) Co., Ltd.
  • descr: Floor 6, Yinke Building,38 Haidian St,
  • descr: Haidian District Beijing
  • country: CN
  • admin-c: JT1125-AP
  • tech-c: JX1747-AP
  • abuse-c: AC1601-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-CNNIC-AP
  • mnt-lower: MAINT-CNNIC-AP
  • mnt-routes: MAINT-CNNIC-AP
  • mnt-irt: IRT-CNNIC-CN
  • last-modified: 2021-06-16T01:26:35Z
  • irt: IRT-CNNIC-CN
  • address: Beijing, China
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-06-16T01:39:57Z
  • role: ABUSE CNNICCN
  • address: Beijing, China
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: IP50-AP
  • tech-c: IP50-AP
  • nic-hdl: AC1601-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2020-05-14T11:19:01Z
  • person: James Tian
  • address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-84952
  • e-mail: [email protected]
  • nic-hdl: JT1125-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:37:15Z
  • person: Jimmy Xiao
  • address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
  • address: District of Hi-tech Park, Shenzhen
  • country: CN
  • phone: +86-755-86013388-80224
  • e-mail: [email protected]
  • nic-hdl: JX1747-AP
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2021-09-17T00:38:09Z
  • route: 182.254.128.0/17
  • descr: Tencent Cloud Computing
  • country: CN
  • origin: AS45090
  • notify: [email protected]
  • mnt-by: MAINT-CNNIC-AP
  • last-modified: 2014-12-05T06:54:02Z

Links to attack logs

bruteforce-ip-list-2020-11-10 bruteforce-ip-list-2022-04-06