159.65.226.34 Threat Intelligence and Host Information

Nov 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 159.65.226.34 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: brute force, Bruteforce, Brute-Force, cowrie, info, notice, portscan, ssh, SSH

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network: AS14061 digitalocean llc
  • Noticed: 6 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia, Poland, Sweden
  • Passive DNS Results: 159-65-226-34.ipv4.nknlabs.io simplilearn17.tk 159.65.226.34

Open Ports Detected

10000 10001 102 1023 1024 104 110 11000 111 11112 11210 11211 113 11300 1200 1234 1311 1337 135 1400 1414 1433 1521 1604 1723 1741 1801 1911 1925 1926 1935 2000 2002 21 2121 22 221 2222 23 2323 2332 2404 25 26 3001 311 3117 3128 3301 3306 3310 3389 3408 3541 3542 4000 4001 4022 4040 4242 427 4321 443 4433 4506 4840 4911 5000 5001 5005 5006 5007 5009 5010 502 5025 503 515 5201 5222 5432 5435 5601 5800 5801 5900 5901 5907 5938 6000 6001 6002 631 636 6633 7001 7218 7634 80 8000 8001 8009 8010 8028 8105 8112 8123 8126 8139 8140 8200 8333 8334 8420 8443 88 8834 9000 9002 9009 902 9042 9100 9200 9203 9306 9307 9311 9418 9530 9600 9800 9999

CVEs Detected

CVE-2006-20001 CVE-2007-4723 CVE-2009-0796 CVE-2009-2299 CVE-2011-1176 CVE-2011-2688 CVE-2012-3526 CVE-2012-4001 CVE-2012-4360 CVE-2013-0941 CVE-2013-0942 CVE-2013-2765 CVE-2013-4365 CVE-2019-17567 CVE-2020-11984 CVE-2020-11993 CVE-2020-13938 CVE-2020-13950 CVE-2020-1927 CVE-2020-1934 CVE-2020-35452 CVE-2020-9490 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690 CVE-2023-27522 CVE-2023-31122 CVE-2023-45802 CVE-2024-27316 CVE-2024-38474 CVE-2024-38476 CVE-2024-38477 CVE-2024-40898

Map

Whois Information

Links to attack logs

digitaloceanlondon-ssh-bruteforce-ip-list-2024-11-07

Share on: