206.189.154.79 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Tags: Nextray, cyber security, ioc, malicious, phishing
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: Singapore
  • Network: AS14061 digitalocean llc
  • Noticed: 33 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 1

  • cceaf14b2a2c945a8ec5289e08bb459d8d66c863c0b868cca069f7a1ad5398ae

Open Ports Detected

10000 1012 10134 1024 10250 1028 10443 106 1099 11 110 113 1153 12000 13 13579 1471 1521 179 18245 19071 1911 1951 1962 2008 2010 20256 2061 2063 2069 2080 2083 21 21025 2154 2376 2404 25 2552 25565 2558 264 27017 2761 2762 28015 28017 3001 3049 3052 3053 3057 3060 3068 3073 3076 3083 3095 3096 3102 3105 3116 3200 3269 3301 3307 3311 3333 3337 3388 3401 3403 3568 3570 37 3780 389 3910 3922 3952 4043 4063 4157 4242 427 4282 43 4321 44158 443 444 4444 447 449 4524 465 4664 4747 4840 4899 49 4911 50050 5009 5010 502 5025 5080 51106 5201 522 53 54138 5431 5542 5594 5595 5599 5605 5858 5909 593 5938 60001 6080 6161 62078 631 6443 6464 6550 6581 6600 6789 685 7000 7001 7444 7493 772 7777 79 7998 8009 801 8017 8038 8050 8052 8055 8057 8069 8087 8093 8095 8099 8106 8108 8110 8334 8401 8413 8416 8418 8419 8443 8444 8445 8446 8554 8623 8766 88 8801 8810 8816 8830 8834 8835 8839 8845 8853 8863 8867 8870 8875 8881 8889 8988 9003 9047 9050 9088 9091 9105 9109 9110 9160 9211 9221 9251 9295 9306 9445 9530 9595 96 9869 9944 999 9991 9997

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617

Whois Information

  • NetRange: 206.189.0.0 - 206.189.255.255
  • CIDR: 206.189.0.0/16
  • NetName: DIGITALOCEAN-206-189-0-0
  • NetHandle: NET-206-189-0-0-1
  • Parent: NET206 (NET-206-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS14061
  • Organization: DigitalOcean, LLC (DO-13)
  • RegDate: 1995-11-15
  • Updated: 2020-04-03
  • Comment: Routing and Peering Policy can be found at https://www.as14061.net
  • Comment:
  • Ref: https://rdap.arin.net/registry/ip/206.189.0.0
  • OrgName: DigitalOcean, LLC
  • OrgId: DO-13
  • Address: 101 Ave of the Americas
  • Address: FL2
  • City: New York
  • StateProv: NY
  • PostalCode: 10013
  • Country: US
  • RegDate: 2012-05-14
  • Updated: 2022-05-19
  • Ref: https://rdap.arin.net/registry/entity/DO-13
  • OrgAbuseHandle: ABUSE5232-ARIN
  • OrgAbuseName: Abuse, DigitalOcean
  • OrgAbusePhone: +1-347-875-6044
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
  • OrgTechHandle: NOC32014-ARIN
  • OrgTechName: Network Operations Center
  • OrgTechPhone: +1-347-875-6044
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
  • OrgNOCHandle: NOC32014-ARIN
  • OrgNOCName: Network Operations Center
  • OrgNOCPhone: +1-347-875-6044
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

Links to attack logs

bruteforce-ip-list-2021-06-28