166.239.34.152 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 166.239.34.152 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: United States
• Noticed: 17 times
• Protocols Attacked: portscan ssh
• Countries Attacked: Finland, France, Germany, Poland, United States of America
• Open Ports: 1723, 2000, 22, 2332, 554, 8000, 8001, 9000, 9191, 9443
• Tor Node: No

Tags

• 01.10.2025
• 2025
• 2026-02
• aaaa
• aaaa nxdomain
• account stealer
• acpimofresource
• addpo
• addportmapping
• adversary in the middle
• alerts
• all scoreblue
• a nxdomain
• as20446
• as22394 verizon
• as6167 verizon
• as8068
• as8075
• asnone
• asnone united
• ate hash
• Automated
• b file
• binbusybox
• binsh binsh
• binsh c
• block id
• brian sabey
• brute force
• bruteforce
• Bruteforce
• cachecontrol
• cape
• city
• cloudflare
• cname
• contained
• contentlength
• copy
• country
• create
• created binsh
• creation date
• cry kill
• cve201717215
• date
• default
• destination
• devftwdt101
• devsda1 devsda2
• digital ocean
• dock
• domain
• domain http
• domains
• emails
• entries
• e procselffd9
• eternalblue
• et exploit
• et trojan
• eva120
• execution
• expiration date
• exploit
• exploit none
• files
• files deleted
• file system
• file type
• formbook
• gafgyt
• generic
• get http
• graph
• hallrender
• hashes
• hdaudiomofname
• h devsda2
• header intel
• hiddentear
• high
• hitmen
• HoneyNet Connect
• host
• hostname
• httponly
• http requests
• huawei hg532
• huawei remote
• i lo
• info compiler
• installer
• intel
• ip detections
• ip traffic
• ipv4
• ireland unknown
• javascript
• jody alaska
• jody huffines
• json
• kernel context
• language
• libmultipath
• link library
• logic
• loudoun county
• malware
• malware worm
• mb graph
• mb pe
• mcics
• memory pattern
• miniigd upnp
• mirai
• mitm
• mitre att
• modify system
• modules
• mofresource
• mofresourcename
• msie
• ms visual
• ms windows
• name md5
• name servers
• net174
• net1740000
• nethandle
• network
• newenabled
• newexternalport
• newinternalport
• newprotocol
• newremotehost
• next
• nids
• ns nxdomain
• nxdomain
• OpenCTI
• orgdnshandle
• orgdnsref
• passive dns
• password bypass
• pe32 executable
• pegasus related
• pe resource
• p m0755
• port
• portscan
• postalcode
• posts
• processes tree
• process t1543
• products id
• pulse submit
• query
• ransom
• ransomworm
• rce
• realtek sdk
• recon
• referrer
• registry
• registry keys
• r english
• request
• response
• rf cum
• runtime modules
• samesitelax
• scan endpoints
• scanners
• search
• service
• settingswpad
• shell commands
• show
• showing
• skynet
• smbds ipc
• smugglers gambit
• soa nxdomain
• soap command
• sp6 build
• spyware
• sreredrum
• ssh
• stateprov
• status
• summary
• suspicious
• swipp
• swipp9-arin
• swipper
• switch dns
• systemd service
• t1059
• t1064 executes
• ta0002 command
• ta0004 create
• target tsara brashears
• text
• type
• united
• united kingdom
• unknown
• url analysis
• urls
• varrunsshd
• verizon
• vs98
• vultr
• wannacry
• wannacry kill
• whitelisted
• whois lookups
• win16 ne
• win32 dynamic
• win32 exe
• windows nt
• wirelessdatanetwork
• write
• yara detections
• yara rule

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1045 - Software Packing
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1064 - Scripting
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1095 - Non-Application Layer Protocol
• T1110 - Brute Force
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1158 - Hidden Files and Directories
• T1185 - Man in the Browser
• T1518 - Software Discovery
• T1543 - Create or Modify System Process
• T1557 - Man-in-the-Middle
• T1571 - Non-Standard Port

Attack Log References

• digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-30
• digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-30
• vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-26

Whois Information