20.187.96.119 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Malicious IP, Nextray, SSH, aws, blacklist, bruteforce, cowrie, cyber security, digital ocean, ioc, malicious, phishing, scan, scanners, ssh, tcp, vultr

  • Country: Hong Kong
  • Network: AS8075 Microsoft Corporation
  • Noticed: 42 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Singapore, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Whois Information

  • NetRange: 20.180.0.0 - 20.191.255.255
  • CIDR: 20.184.0.0/13, 20.180.0.0/14
  • NetName: MSFT
  • NetHandle: NET-20-180-0-0-1
  • Parent: NET20 (NET-20-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Microsoft Corporation (MSFT)
  • RegDate: 2017-02-22
  • Updated: 2017-02-22
  • Ref: https://rdap.arin.net/registry/ip/20.180.0.0
  • OrgName: Microsoft Corporation
  • OrgId: MSFT
  • Address: One Microsoft Way
  • City: Redmond
  • StateProv: WA
  • PostalCode: 98052
  • Country: US
  • RegDate: 1998-07-10
  • Updated: 2023-04-21
  • Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  • Comment: * https://cert.microsoft.com.
  • Comment:
  • Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  • Comment: * [email protected].
  • Comment:
  • Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  • Comment: * [email protected].
  • Comment:
  • Comment: For legal and law enforcement-related requests, please contact:
  • Comment: * [email protected]
  • Comment:
  • Comment: For routing, peering or DNS issues, please
  • Comment: contact:
  • Comment: * [email protected]
  • Ref: https://rdap.arin.net/registry/entity/MSFT
  • OrgTechHandle: BEDAR6-ARIN
  • OrgTechName: Bedard, Dawn
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
  • OrgAbuseHandle: MAC74-ARIN
  • OrgAbuseName: Microsoft Abuse Contact
  • OrgAbusePhone: +1-425-882-8080
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
  • OrgTechHandle: IPHOS5-ARIN
  • OrgTechName: IPHostmaster, IPHostmaster
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
  • OrgTechHandle: MRPD-ARIN
  • OrgTechName: Microsoft Routing, Peering, and DNS
  • OrgTechPhone: +1-425-882-8080
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN

Links to attack logs

  • dofrank-ssh-bruteforce-ip-list-2022-08-09
  • bruteforce-ip-list-2022-08-25
  • dosing-ssh-bruteforce-ip-list-2022-08-14
  • vultrmadrid-ssh-bruteforce-ip-list-2022-08-14
  • dosing-ssh-bruteforce-ip-list-2022-09-03