47.180.89.22 Threat Intelligence and Host Information

Share on:
Mar 28, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Malicious IP, Nextray, SSH, blacklist, brute-force, bruteforce, cowrie, cyber security, fail2ban, ioc, la, lafusioncenter, louisiana, malicious, phishing, scan, ssh, tcp, tsec
  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: United States of America
  • Network: AS5650 frontier communications of america inc.
  • Noticed: 48 times
  • Protcols Attacked: SSH
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: ableemr.com

Open Ports Detected

123 22 2345 443 5353 80 8080 9

CVEs Detected

CVE-2016-10002 CVE-2016-10003 CVE-2018-19131 CVE-2018-19132 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12522 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14058 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 CVE-2020-25097 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 CVE-2021-28116 CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 CVE-2021-46784 CVE-2022-41318

Map

Whois Information

  • NetRange: 47.136.0.0 - 47.181.255.255
  • CIDR: 47.160.0.0/12, 47.180.0.0/15, 47.144.0.0/12, 47.176.0.0/14, 47.136.0.0/13
  • NetName: FCC-212
  • NetHandle: NET-47-136-0-0-1
  • Parent: NET47 (NET-47-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Frontier Communications Corporation (FCC-212)
  • RegDate: 2015-08-28
  • Updated: 2015-08-28
  • Ref: https://rdap.arin.net/registry/ip/47.136.0.0
  • OrgName: Frontier Communications Corporation
  • OrgId: FCC-212
  • Address: 1400 E PHILLIPS BLVD
  • City: POMONA
  • StateProv: CA
  • PostalCode: 91766
  • Country: US
  • RegDate: 2015-04-02
  • Updated: 2021-05-03
  • Comment: Abuse complaints will only be responded to by the use of the abuse contact
  • Ref: https://rdap.arin.net/registry/entity/FCC-212
  • OrgTechHandle: ZF47-ARIN
  • OrgTechName: Frontier Communications
  • OrgTechPhone: +1-972-908-4105
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ZF47-ARIN
  • OrgRoutingHandle: HOSTM2146-ARIN
  • OrgRoutingName: Hostmaster
  • OrgRoutingPhone: +1-585-777-0949
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/HOSTM2146-ARIN
  • OrgAbuseHandle: ABUSE223-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-972-908-4105
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE223-ARIN

Links to attack logs

bruteforce-ip-list-2021-09-06 bruteforce-ip-list-2021-08-23 bruteforce-ip-list-2021-09-05 bruteforce-ip-list-2021-09-12