151.236.14.178 Threat Intelligence and Host Information

Share on:
May 06, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 151.236.14.178 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1498 - Network Denial of Service, T1499 - Endpoint Denial of Service, T1499.002 - Service Exhaustion Flood
  • Tags: DDOS, DDoS, HEAD Floods, KillNet, Killnet, T1498, T1499, cc.py

  • View other sources: Spamhaus VirusTotal

  • Country: Netherlands
  • Network: AS43350 nforce entertainment b.v.
  • Noticed: 21 times
  • Protcols Attacked: Anonymous Proxy

Malware Detected on Host

Count:

Open Ports Detected

10000 10001 10134 10243 10443 10554 11000 11112 11210 11211 11300 11371 12000 123 1337 14147 14265 16992 17000 18081 18245 19000 19071 20000 22 3128 3129 3221 3260 3268 3269 3299 3301 3306 3310 3333 3388 3389 3400 3403 3404 3408 3409 3410 3412 3443 3503 3521 3542 3549 3550 3551 3554 3556 3559 3560 3561 3562 3563 3566 3567 3569 3689 3690 3780 3790 3838 3910 3922 4000 4001 4002 4022 4040 4042 4043 4063 4064 4100 4117 4118 4190 4200 4242 4243 4282 4321 4433 4443 4482 4500 4505 4506 4523 4524 4550 4567 4646 4664 4700 4734 4782 4786 4808 4840 4848 4899 4911 4949 4999 5000 5004 5005 5006 5007 5009 5010 5025 5070 5090 5122 5150 5172 5201 5222 5269 5280 5321 5357 5431 5432 5443 5454 5555 5560 5568 5569 5592 5593 5594 5597 5598 5601 5602 5605 5606 5672 5673 5800 5822 5858 5900 5906 5908 5909 5910 5938 5984 5985 6000 6001 6002 6005 6009 6010 6080 6161 6262 6363 6379 6443 6464 6503 6543 6550 6560 6581 6590 6602 6605 6633 6650 6653 6664 6666 6667 6668 6697 6789 6998 7001 7002 7004 7005 7010 7014 7071 7081 7170 7171 7218 7401 7415 7433 7444 7465 7474 7535 7547 7548 7634 7654 7676 7776 7777 7779 7887 7979 7989 7998 7999 80 8001 8002 8003 8005 8006 8008 8009 8010 8015 8018 8019 8023 8025 8028 8029 8030 8031 8032 8034 8035 8036 8037 8038 8039 8041 8042 8043 8044 8046 8047 8053 8055 8057 8058 8060 8064 8066 8069 8080 8081 8082 8085 8086 8087 8089 8090 8091 8095 8096 8098 8099 8101 8103 8105 8106 8109 8110 8111 8112 8118 8123 8126 8139 8140 8180 8181 8182 8190 8200 8222 8238 8239 8248 8251 8282 8291 8333 8334 8401 8402 8405 8409 8410 8414 8415 8419 8420 8425 8427 8428 8431 8443 8444 8447 8448 8500 8545 8554 8575 8586 8602 8621 8637 8649 8663 8666 8728 8733 8765 8766 8779 8782 8784 8787 8788 8789 8791 8800 8801 8802 8804 8808 8810 8811 8812 8813 8814 8818 8819 8820 8821 8822 8825 8828 8829 8830 8831 8833 8835 8837 8838 8839 8843 8844 8845 8846 8847 8849 8850 8853 8857 8862 8863 8865 8867 8870 8871 8873 8874 8879 8880 8887 8888 8889 8890 8899 8935 8969 8988 8993 8999 9000 9001 9002 9004 9008 9011 9012 9016 9017 9018 9022 9023 9024 9027 9028 9030 9034 9035 9037 9042 9043 9044 9045 9046 9050 9051 9070 9080 9088 9090 9091 9092 9093 9094 9095 9096 9098 9100 9103 9104 9105 9107 9108 9110 9111 9119 9151 9160 9189 9191 9199 9200 9205 9206 9209 9212 9213 9214 9215 9216 9217 9221 9295 9301 9302 9303 9304 9306 9307 9389 9418 9443 9444 9445 9527 9530 9595 9600 9606 9663 9690 9743 9761 9765 9800 9869 9876 9943 9944 9950 9990 9993 9998 9999

CVEs Detected

CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12522 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527 CVE-2019-12528 CVE-2019-12529 CVE-2019-12854 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14058 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 CVE-2020-25097 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 CVE-2021-28116 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 CVE-2021-46784 CVE-2022-41318

Map

Whois Information

  • NetRange: 151.0.0.0 - 151.255.255.255
  • CIDR: 151.0.0.0/8
  • NetName: RIPE-ERX-151
  • NetHandle: NET-151-0-0-0-0
  • Parent: ()
  • NetType: Early Registrations, Maintained by RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 1993-05-01
  • Updated: 2009-05-18
  • Comment: These addresses have been further assigned to users in
  • Comment: the RIPE NCC region. Contact information can be found in
  • Ref: https://rdap.arin.net/registry/ip/151.0.0.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • inetnum: 151.236.14.0 - 151.236.14.255
  • netname: EDIS-NL-NET
  • descr: EDIS Infrastructure in the Netherlands
  • country: NL
  • geoloc: 52.3676 4.9041
  • geofeed: https://www.edis.at/geofeed.txt
  • language: NL
  • org: ORG-EG44-RIPE
  • admin-c: EDIS-AT
  • tech-c: EDIS-AT
  • status: ASSIGNED PA
  • mnt-by: EDIS-MNT
  • mnt-routes: MNT-NFORCE
  • created: 2013-02-21T17:05:07Z
  • last-modified: 2022-12-06T15:36:11Z
  • organisation: ORG-EG44-RIPE
  • org-name: EDIS GmbH
  • country: AT
  • org-type: LIR
  • address: Hauptplatz 3/3
  • address: 8010
  • address: Graz
  • address: AUSTRIA
  • phone: +43316827500300
  • fax-no: +43316827500777
  • admin-c: GK2
  • admin-c: ISAT
  • mnt-ref: EDIS-MNT
  • mnt-ref: MELBICOM-MNT
  • mnt-ref: NINE-MNT
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: EDIS-MNT
  • abuse-c: EDIS-AT
  • created: 2011-08-10T14:08:22Z
  • last-modified: 2021-02-03T07:58:56Z
  • role: EDIS GmbH - Noc Engineer
  • address: EDIS GmbH, Hauptplatz 3/3, 8010, GRAZ, Austria
  • address: http://www.edis.at
  • phone: +43 316 827500300
  • admin-c: EDIS-RIPE
  • admin-c: GK2
  • admin-c: ISAT
  • tech-c: EDIS-RIPE
  • tech-c: ISAT
  • abuse-mailbox: [email protected]
  • nic-hdl: EDIS-AT
  • mnt-by: EDIS-MNT
  • created: 2011-08-12T07:29:38Z
  • last-modified: 2016-04-08T06:50:42Z
  • route: 151.236.14.0/24
  • descr: EDIS - 151.236.14.0/24
  • descr: Routed by NFOrce Entertainment BV
  • origin: AS43350
  • mnt-by: MNT-NFORCE
  • created: 2013-02-24T21:54:44Z
  • last-modified: 2013-02-24T21:54:44Z

Links to attack logs

roxy-ip-list-2023-05-03 roxy-ip-list-2023-05-05