20.187.99.18 Threat Intelligence and Host Information

Share on:
Apr 30, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 53/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Bruteforce, Nextray, cowrie, cyber security, ioc, malicious, phishing, scanners, ssh, vultr

  • View other sources: Spamhaus VirusTotal

  • Country: Hong Kong
  • Network: AS8075 microsoft corporation
  • Noticed: 4 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: flexserverhaserver638152082746057808.postgres.database.azure.com eventoldbugff108.duckdns.org ivent-freefire.duckdns.org govideosexs-fornhub.duckdns.org ivent-freefire-indo.duckdns.org eventskingratisepep.duckdns.org eventspinneww.duckdns.org grupwhatsaap-bokep2022.duckdns.org skingratisfreefirenww.duckdns.org event-ff-9072.duckdns.org eventmlbb-newyrear2022.duckdns.org eventfreefireindoneww.duckdns.org joingrup-whatsaapku.duckdns.org www.joingrup-whatsaapku.duckdns.org event-lucky-spin880.duckdns.org joingrup-whatsaap-2022.duckdns.org www.joingrup-whatsaap-2022.duckdns.org www.eventcodhashop-ungu2022.duckdns.org www.eventannivesary-ff2022.duckdns.org www.claimitemitem-mobilelegend.duckdns.org www.claimhadiah-freefire2022.duckdns.org www.claimitem-ff-2022.duckdns.org claimitem-ff-2022.duckdns.org eventfreefiregratisneww.duckdns.org claimitemitem-mobilelegend.duckdns.org gabunggrup-whatsaapviral.duckdns.org event-frerfire-6782.duckdns.org event-freefire-6656.duckdns.org eventgratisfreefireneww.duckdns.org joingrupku-whatsaap.duckdns.org www.joingrupku-whatsaap.duckdns.org claimhadiah-freefire2022.duckdns.org grub-simontok.duckdns.org joingroupviralnew.duckdns.org claimitemff-terbaru2022.duckdns.org event-freeskkinmlbb.duckdns.org whatsapp-grub99zyc.duckdns.org ff-mantap-77.duckdns.org event-ff-bundle-baru.duckdns.org groupviralnew.duckdns.org codashopspesial88.duckdns.org eventcodashopspesial.duckdns.org joingrupbokep-terbaru2022.duckdns.org grupspesialviral.duckdns.org whatsaap-grupviral88.duckdns.org eventcodhashop-ungu2022.duckdns.org eventannivesary-ff2022.duckdns.org cekbuatssl-domain.duckdns.org

Malware Detected on Host

Count: 1 6a1367ec387aead695a663bfe87c9c1e8cecf0342b1a6f0d7bdac524045e9273

Map

Whois Information

  • NetRange: 20.180.0.0 - 20.191.255.255
  • CIDR: 20.180.0.0/14, 20.184.0.0/13
  • NetName: MSFT
  • NetHandle: NET-20-180-0-0-1
  • Parent: NET20 (NET-20-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Microsoft Corporation (MSFT)
  • RegDate: 2017-02-22
  • Updated: 2017-02-22
  • Ref: https://rdap.arin.net/registry/ip/20.180.0.0
  • OrgName: Microsoft Corporation
  • OrgId: MSFT
  • Address: One Microsoft Way
  • City: Redmond
  • StateProv: WA
  • PostalCode: 98052
  • Country: US
  • RegDate: 1998-07-10
  • Updated: 2023-04-21
  • Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  • Comment: * https://cert.microsoft.com.
  • Comment:
  • Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  • Comment: * [email protected].
  • Comment:
  • Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  • Comment: * [email protected].
  • Comment:
  • Comment: For legal and law enforcement-related requests, please contact:
  • Comment: * [email protected]
  • Comment:
  • Comment: For routing, peering or DNS issues, please
  • Comment: contact:
  • Comment: * [email protected]
  • Ref: https://rdap.arin.net/registry/entity/MSFT
  • OrgTechHandle: MRPD-ARIN
  • OrgTechName: Microsoft Routing, Peering, and DNS
  • OrgTechPhone: +1-425-882-8080
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
  • OrgTechHandle: BEDAR6-ARIN
  • OrgTechName: Bedard, Dawn
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
  • OrgTechHandle: IPHOS5-ARIN
  • OrgTechName: IPHostmaster, IPHostmaster
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
  • OrgAbuseHandle: MAC74-ARIN
  • OrgAbuseName: Microsoft Abuse Contact
  • OrgAbusePhone: +1-425-882-8080
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2022-08-10