20.83.164.193 Threat Intelligence and Host Information

Share on:
May 30, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 20.83.164.193 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

layout: post title: “20.83.164.193 Threat Intelligence and Host Information” category: ipinfopage date: 2023-05-30 14:48:00 UTC —

General

This page contains threat intelligence information for the IPv4 address 20.83.164.193 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, SSH, cowrie, ssh
  • View other sources: Spamhaus VirusTotal

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, SSH, cowrie, ssh

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network: AS8075 microsoft corporation
  • Country: United States
  • Network: AS8075 microsoft corporation
  • Noticed: 1 times
  • Protcols Attacked: ssh
  • Noticed: 1 times
  • Protcols Attacked: ssh

Map

Map

Whois Information

Whois Information

  • NetRange: 20.33.0.0 - 20.128.255.255
  • CIDR: 20.34.0.0/15, 20.128.0.0/16, 20.48.0.0/12, 20.64.0.0/10, 20.33.0.0/16, 20.40.0.0/13, 20.36.0.0/14
  • NetRange: 20.33.0.0 - 20.128.255.255
  • NetName: MSFT
  • NetHandle: NET-20-33-0-0-1
  • Parent: NET20 (NET-20-0-0-0-0)
  • NetType: Direct Allocation
  • CIDR: 20.64.0.0/10, 20.33.0.0/16, 20.128.0.0/16, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15
  • OriginAS:
  • Organization: Microsoft Corporation (MSFT)
  • NetName: MSFT
  • RegDate: 2017-10-18
  • NetHandle: NET-20-33-0-0-1
  • Updated: 2021-12-14
  • Ref: https://rdap.arin.net/registry/ip/20.33.0.0
  • Parent: NET20 (NET-20-0-0-0-0)
  • OrgName: Microsoft Corporation
  • OrgId: MSFT
  • NetType: Direct Allocation
  • Address: One Microsoft Way
  • OriginAS:
  • City: Redmond
  • StateProv: WA
  • Organization: Microsoft Corporation (MSFT)
  • PostalCode: 98052
  • Country: US
  • RegDate: 2017-10-18
  • RegDate: 1998-07-10
  • Updated: 2023-04-21
  • Updated: 2021-12-14
  • Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  • Ref: https://rdap.arin.net/registry/ip/20.33.0.0
  • Comment: * https://cert.microsoft.com.
  • Comment:
  • OrgName: Microsoft Corporation
  • Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  • Comment: * [email protected].
  • OrgId: MSFT
  • Comment:
  • Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  • Address: One Microsoft Way
  • Comment: * [email protected].
  • City: Redmond
  • Comment:
  • Comment: For legal and law enforcement-related requests, please contact:
  • StateProv: WA
  • Comment: * [email protected]
  • Comment:
  • PostalCode: 98052
  • Comment: For routing, peering or DNS issues, please
  • Country: US
  • Comment: contact:
  • Comment: * [email protected]
  • RegDate: 1998-07-10
  • Ref: https://rdap.arin.net/registry/entity/MSFT
  • OrgAbuseHandle: MAC74-ARIN
  • Updated: 2023-04-21
  • OrgAbuseName: Microsoft Abuse Contact
  • OrgAbusePhone: +1-425-882-8080
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
  • Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  • OrgTechHandle: BEDAR6-ARIN
  • Comment: * https://cert.microsoft.com.
  • OrgTechName: Bedard, Dawn
  • OrgTechPhone: +1-425-538-6637
  • Comment:
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
  • Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  • OrgTechHandle: IPHOS5-ARIN
  • Comment: * [email protected].
  • OrgTechName: IPHostmaster, IPHostmaster
  • OrgTechPhone: +1-425-538-6637
  • Comment:
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
  • Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  • OrgTechHandle: MRPD-ARIN
  • OrgTechName: Microsoft Routing, Peering, and DNS
  • Comment: * [email protected].
  • OrgTechPhone: +1-425-882-8080
  • Comment:
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
  • Comment: For legal and law enforcement-related requests, please contact:
  • Comment: * [email protected]
  • Comment:
  • Comment: For routing, peering or DNS issues, please
  • Comment: contact:
  • Comment: * [email protected]
  • Ref: https://rdap.arin.net/registry/entity/MSFT
  • OrgTechHandle: MRPD-ARIN
  • OrgTechName: Microsoft Routing, Peering, and DNS
  • OrgTechPhone: +1-425-882-8080
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
  • OrgTechHandle: IPHOS5-ARIN
  • OrgTechName: IPHostmaster, IPHostmaster
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
  • OrgTechHandle: BEDAR6-ARIN
  • OrgTechName: Bedard, Dawn
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
  • OrgAbuseHandle: MAC74-ARIN
  • OrgAbuseName: Microsoft Abuse Contact
  • OrgAbusePhone: +1-425-882-8080
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN

Links to attack logs

vultrmadrid-ssh-bruteforce-ip-list-2023-05-29

Links to attack logs

vultrmadrid-ssh-bruteforce-ip-list-2023-05-29