20.239.51.124 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, cowrie, cyber security, ioc, malicious, phishing, ssh
  • View other sources: Spamhaus VirusTotal

  • Country: United States of America
  • Network: AS8075 Microsoft Corporation
  • Noticed: 7 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

22

Whois Information

  • NetRange: 20.192.0.0 - 20.255.255.255
  • CIDR: 20.192.0.0/10
  • NetName: MSFT
  • NetHandle: NET-20-192-0-0-1
  • Parent: NET20 (NET-20-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Microsoft Corporation (MSFT)
  • RegDate: 2017-10-18
  • Updated: 2021-12-14
  • Ref: https://rdap.arin.net/registry/ip/20.192.0.0
  • OrgName: Microsoft Corporation
  • OrgId: MSFT
  • Address: One Microsoft Way
  • City: Redmond
  • StateProv: WA
  • PostalCode: 98052
  • Country: US
  • RegDate: 1998-07-10
  • Updated: 2023-04-21
  • Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  • Comment: * https://cert.microsoft.com.
  • Comment:
  • Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  • Comment: * [email protected].
  • Comment:
  • Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  • Comment: * [email protected].
  • Comment:
  • Comment: For legal and law enforcement-related requests, please contact:
  • Comment: * [email protected]
  • Comment:
  • Comment: For routing, peering or DNS issues, please
  • Comment: contact:
  • Comment: * [email protected]
  • Ref: https://rdap.arin.net/registry/entity/MSFT
  • OrgAbuseHandle: MAC74-ARIN
  • OrgAbuseName: Microsoft Abuse Contact
  • OrgAbusePhone: +1-425-882-8080
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
  • OrgTechHandle: IPHOS5-ARIN
  • OrgTechName: IPHostmaster, IPHostmaster
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
  • OrgTechHandle: BEDAR6-ARIN
  • OrgTechName: Bedard, Dawn
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
  • OrgTechHandle: MRPD-ARIN
  • OrgTechName: Microsoft Routing, Peering, and DNS
  • OrgTechPhone: +1-425-882-8080
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN

Links to attack logs

bruteforce-ip-list-2023-01-17 dosing-ssh-bruteforce-ip-list-2023-01-17 vultrmadrid-ssh-bruteforce-ip-list-2023-01-18