104.131.68.23 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing, T1137 - Office Application Startup, T1535 - Unused/Unsupported Cloud Regions, T1539 - Steal Web Session Cookie, T1546 - Event Triggered Execution, T1550 - Use Alternate Authentication Material, T1553 - Subvert Trust Controls, T1555 - Credentials from Password Stores, T1557 - Man-in-the-Middle, T1559 - Inter-Process Communication, T1562 - Impair Defenses, T1566 - Phishing, T1598 - Phishing for Information, T1602 - Data from Configuration Repository, T1606 - Forge Web Credentials
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, Telnet, a particular, a659 x509v3, a82743287, a89e x509v3, algorithm, alienvault, amvzwg, android open, any kind, apache, apache license, armv7 processor, armv8 processor, as is, asn1 oid, assurance ev, attack, authority, authority ecc, authority rsa, b2 x509v3, basis, bb3468 x509v3, bd x509v3, binaries, bogomips, branch, bsd2clause, bsd3clause, bseoe6fuwg, bunny, ca g1, ca g2, ca g3, ca root, ca subject, ca v1, ca validity, ca x3, ca2 subject, ca2 validity, cde subject, cde validity, center, centre root, cert, certificacio, certificate, certification, ces validity, cif a62634068, class, class gold, cnaccvraiz1, cnamazon root, cnautoridad, cnbuypass class, cnca disig, cncertinomis, cncertplus root, cncfca ev, cnchambers, cnclass, cncomodo ecc, cncomodo rsa, cndigicert high, cndst root, cndtrust root, cnecacc subject, cnentrust root, cngo daddy, cnhongkong post, cnhotspot, cnisrg root, cnmicrosec, cnnetlock arany, cnoiste wisekey, cnquovadis root, cnsecure global, cnsonera class2, cnstaat der, cnstarfield, cnszafir root, cntrustcor eca1, cntubitak kamu, cntwca global, cntwca root, cnusertrust ecc, cnusertrust rsa, cnxramp global, code, commerce root, copyright, cowrie, cpu implementer, cpu part, cpu revision, cpu variant, crl sign, cyber security, d0 x509v3, d6 x509v3, daddy group, david, db21 x509v3, defaultcdrom, direct, dirname, disables, division, driver, drw5visp, e64f x509v3, e7 x509v3, e84e54 x509v3, ec1 validity, ecc rootca, ecc subject, ecc validity, ee x509v3, ef grep, entrust, ev rootca1, except, fa8658 x509v3, february, fnmtrcm subject, format, full name, g2 subject, g2 validity, g3 subject, g3 validity, g4 subject, g4 validity, g5 subject, g5 validity, ga ca, gb ca, generator, global root, gmbh, gmt subject, google, grep, grep vn, gvfsmtpm, id root, identifier, ihnzbm8m9yop5w, info, ioc, issuer, june, kamu sm, key algorithm, key identifier, key info, key usage, kocaeli, kok sertifikasi, kurumu, kwbqbm0, lankara, lathens, lbratislava, lbudapest, lgebze, lhouston, library name, license, license name, licensor, limited, link, ljersey city, lmadrid, lmilan, login, lpanama city, lsalford, lscottsdale, malicious, media driver, merkezi, mtpdrive, nederlanden, nederlanden ev, negative, neither, netraw netadmin, network, network ca, nif q0801176i, number, oac camerfirma, oaccv, oaddtrust ab, oaffirmtrust, oamazon, oatos, obaltimore, ocertinomis, ocertplus, ocertsign, ocomodo ca, ocybertrust, odhimyotis, odigicert inc, odtrust gmbh, oentrust, ofnmtrcm, oglobalsign, oguang dong, ohongkong post, oidentrust, okrajowa izba, okue6n36b9k, oopentrust, open threat, or conditions, osecom trust, osonera, ostaat der, ostarfield, oswisssign ag, otaiwanca, othawte, othe go, othe usertrust, otrustcor, ou0002, ouac raiz, oucertification, oucertsign root, oucopyright, oucybertrust, ouepki root, ougo daddy, ouhttp, oupkiaccv, ouroot ca, ousee, outrustis fps, ouvegeu https, overisign, ovisa, owfa hotspot, owisekey, oxramp security, phishing, please, prgetnonewprivs, primary ca, private key, public key, public primary, qt websockets, qt widgets, r2 validity, r5 root, research group, root, root ca, root g2, root g3, root g4, root r1, root r2, root subject, root validity, rootca, rootca1 subject, rootca2 subject, rsa validity, s8streetavda, sa cif, scanner, sector root, services, signature trust, sm ssl, software, source project, ssh, starizona, stnew jersey, stpanama, sttexas, subject key, subject public, t1055 f62, tink, tls web, tppdpfquww, true x509v3, trust root, ttp network, uboot, unknown, unless, usbdrive, validity, verisign, version, work, x1 subject, x1 validity, x509v3 subject, zetx2fnxlrtizye, ztecdrom
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, haley_ssh

  • Country: United States of America
  • Network: AS14061 digitalocean llc
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

22 27017

CVEs Detected

CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6303 CVE-2016-7055 CVE-2016-8610 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-0739 CVE-2018-5407 CVE-2019-1547 CVE-2019-1551 CVE-2019-1552 CVE-2019-1559 CVE-2019-1563 CVE-2020-1968 CVE-2020-1971 CVE-2021-23840 CVE-2021-23841 CVE-2021-3712 CVE-2021-4160 CVE-2022-0778 CVE-2022-1292 CVE-2022-2068 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286

Whois Information

  • NetRange: 104.131.0.0 - 104.131.255.255
  • CIDR: 104.131.0.0/16
  • NetName: DIGITALOCEAN-104-131-0-0
  • NetHandle: NET-104-131-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS14061
  • Organization: DigitalOcean, LLC (DO-13)
  • RegDate: 2014-06-02
  • Updated: 2020-04-03
  • Comment: Routing and Peering Policy can be found at https://www.as14061.net
  • Ref: https://rdap.arin.net/registry/ip/104.131.0.0
  • OrgName: DigitalOcean, LLC
  • OrgId: DO-13
  • Address: 101 Ave of the Americas
  • Address: FL2
  • City: New York
  • StateProv: NY
  • PostalCode: 10013
  • Country: US
  • RegDate: 2012-05-14
  • Updated: 2022-05-19
  • Ref: https://rdap.arin.net/registry/entity/DO-13
  • OrgAbuseHandle: ABUSE5232-ARIN
  • OrgAbuseName: Abuse, DigitalOcean
  • OrgAbusePhone: +1-347-875-6044
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
  • OrgTechHandle: NOC32014-ARIN
  • OrgTechName: Network Operations Center
  • OrgTechPhone: +1-347-875-6044
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
  • OrgNOCHandle: NOC32014-ARIN
  • OrgNOCName: Network Operations Center
  • OrgNOCPhone: +1-347-875-6044
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

Links to attack logs

bruteforce-ip-list-2021-05-12 bruteforce-ip-list-2022-09-20 dosing-ssh-bruteforce-ip-list-2023-01-09 bruteforce-ip-list-2022-06-09 bruteforce-ip-list-2021-09-14 dofrank-ssh-bruteforce-ip-list-2022-06-22 dofrank-ssh-bruteforce-ip-list-2022-07-28 dolondon-ssh-bruteforce-ip-list-2022-12-15 bruteforce-ip-list-2021-06-03 vultrwarsaw-ssh-bruteforce-ip-list-2022-12-11 dolondon-ssh-bruteforce-ip-list-2022-07-26 bruteforce-ip-list-2023-02-01 bruteforce-ip-list-2021-08-14 bruteforce-ip-list-2021-10-15 dofrank-ssh-bruteforce-ip-list-2022-07-26 vultrmadrid-ssh-bruteforce-ip-list-2022-12-01 dofrank-ssh-bruteforce-ip-list-2022-11-29 bruteforce-ip-list-2021-10-14 dolondon-ssh-bruteforce-ip-list-2023-01-27 bruteforce-ip-list-2021-09-09 bruteforce-ip-list-2022-01-15 vultrwarsaw-ssh-bruteforce-ip-list-2022-11-01 dotoronto-ssh-bruteforce-ip-list-2022-07-13 dofrank-ssh-bruteforce-ip-list-2023-01-10 bruteforce-ip-list-2022-01-03 vultrmadrid-ssh-bruteforce-ip-list-2022-06-30 dotoronto-ssh-bruteforce-ip-list-2022-12-07