159.223.61.49 Threat Intelligence and Host Information

Share on:

Apr 07, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 159.223.61.49 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

Mitre ATT&CK IDs: T1110 - Brute Force
Tags: bruteforce, Bruteforce, cyber security, ioc, malicious, Nextray, phishing, SSH
JARM: 2ad2ad0002ad2ad00042d42d00000000f78d2dc0ce6e5bbc5b8149a4872356
View other sources: Spamhaus VirusTotal
Country: Singapore
Network: AS14061 digitalocean llc
Noticed: 34 times
Protocols Attacked: ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: e2e-dbaas-mongodb-lvmvy-d46a92fb.mongo.ondigitalocean.com

Open Ports Detected

22 443 80

CVEs Detected

CVE-2007-3205 CVE-2008-0462 CVE-2008-1731 CVE-2008-1792 CVE-2008-2629 CVE-2008-4633 CVE-2008-4710 CVE-2008-5996 CVE-2008-5998 CVE-2008-5999 CVE-2008-6020 CVE-2008-6134 CVE-2008-6135 CVE-2008-6137 CVE-2008-6383 CVE-2008-6413 CVE-2008-6835 CVE-2008-6836 CVE-2008-6908 CVE-2008-6909 CVE-2008-6910 CVE-2008-6972 CVE-2008-7150 CVE-2008-7151 CVE-2009-0382 CVE-2009-0817 CVE-2009-0818 CVE-2009-1035 CVE-2009-1036 CVE-2009-1037 CVE-2009-1047 CVE-2009-1069 CVE-2009-1249 CVE-2009-1342 CVE-2009-1343 CVE-2009-1344 CVE-2009-1501 CVE-2009-1505 CVE-2009-1507 CVE-2009-1823 CVE-2009-2074 CVE-2009-2075 CVE-2009-2076 CVE-2009-2077 CVE-2009-2078 CVE-2009-2079 CVE-2009-2083 CVE-2009-2237 CVE-2009-2291 CVE-2009-2370 CVE-2009-2371 CVE-2009-2572 CVE-2009-2610 CVE-2009-3121 CVE-2009-3122 CVE-2009-3156 CVE-2009-3157 CVE-2009-3206 CVE-2009-3207 CVE-2009-3210 CVE-2009-3350 CVE-2009-3351 CVE-2009-3353 CVE-2009-3354 CVE-2009-3363 CVE-2009-3435 CVE-2009-3437 CVE-2009-3442 CVE-2009-3479 CVE-2009-3488 CVE-2009-3568 CVE-2009-3648 CVE-2009-3650 CVE-2009-3651 CVE-2009-3652 CVE-2009-3653 CVE-2009-3654 CVE-2009-3656 CVE-2009-3657 CVE-2009-3778 CVE-2009-3779 CVE-2009-3780 CVE-2009-3782 CVE-2009-3783 CVE-2009-3784 CVE-2009-3785 CVE-2009-3786 CVE-2009-3914 CVE-2009-3915 CVE-2009-3916 CVE-2009-3917 CVE-2009-3918 CVE-2009-3919 CVE-2009-3920 CVE-2009-3921 CVE-2009-3922 CVE-2009-4042 CVE-2009-4043 CVE-2009-4044 CVE-2009-4061 CVE-2009-4062 CVE-2009-4063 CVE-2009-4064 CVE-2009-4065 CVE-2009-4066 CVE-2009-4119 CVE-2009-4207 CVE-2009-4296 CVE-2009-4429 CVE-2009-4513 CVE-2009-4514 CVE-2009-4515 CVE-2009-4516 CVE-2009-4517 CVE-2009-4518 CVE-2009-4520 CVE-2009-4524 CVE-2009-4525 CVE-2009-4526 CVE-2009-4527 CVE-2009-4528 CVE-2009-4532 CVE-2009-4533 CVE-2009-4534 CVE-2009-4557 CVE-2009-4558 CVE-2009-4559 CVE-2009-4602 CVE-2009-4771 CVE-2009-4772 CVE-2009-4773 CVE-2009-4829 CVE-2009-4990 CVE-2009-5096 CVE-2010-0370 CVE-2010-0697 CVE-2010-0752 CVE-2010-1074 CVE-2010-1107 CVE-2010-1108 CVE-2010-1303 CVE-2010-1358 CVE-2010-1362 CVE-2010-1530 CVE-2010-1536 CVE-2010-1539 CVE-2010-1543 CVE-2010-1584 CVE-2010-1958 CVE-2010-1976 CVE-2010-1984 CVE-2010-1998 CVE-2010-2000 CVE-2010-2001 CVE-2010-2002 CVE-2010-2030 CVE-2010-2048 CVE-2010-2123 CVE-2010-2125 CVE-2010-2158 CVE-2010-2352 CVE-2010-2353 CVE-2010-2724 CVE-2010-3423 CVE-2010-4519 CVE-2010-4520 CVE-2010-4521 CVE-2010-4775 CVE-2010-4813 CVE-2010-5312 CVE-2011-0899 CVE-2011-1066 CVE-2011-1661 CVE-2011-1662 CVE-2011-1663 CVE-2011-1664 CVE-2011-4113 CVE-2011-4560 CVE-2011-5030 CVE-2012-0914 CVE-2012-1056 CVE-2012-1057 CVE-2012-1060 CVE-2012-2056 CVE-2012-2339 CVE-2012-2340 CVE-2012-2341 CVE-2012-2907 CVE-2013-0205 CVE-2013-2220 CVE-2015-9251 CVE-2015-9253 CVE-2017-7272 CVE-2017-7963 CVE-2017-8923 CVE-2017-9120 CVE-2018-19395 CVE-2018-19396 CVE-2019-11358 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9641 CVE-2019-9675 CVE-2020-11022 CVE-2020-11023 CVE-2020-11579 CVE-2020-13672 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-25271 CVE-2022-25275 CVE-2022-31628 CVE-2022-31629 CVE-2023-31250

Map

Whois Information

NetRange: 159.223.0.0 - 159.223.255.255
CIDR: 159.223.0.0/16
NetName: DO-13
NetHandle: NET-159-223-0-0-1
Parent: NET159 (NET-159-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-11-03
Updated: 2020-11-03
Ref: https://rdap.arin.net/registry/ip/159.223.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2023-10-23
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

Links to attack logs

** dolondon-ssh-bruteforce-ip-list-2022-12-06 ** **