156.238.100.212 Threat Intelligence and Host Information

Dec 16, 2024 ipinfopage

General

IP Address
156.238.100.212
IPv4 Address
Location
🇭🇰 Hong Kong
HK
Network
AS134548
DXTL Tseung Kwan O Service
Threat Score
65/100
High Risk
bruteforceBruteforceBrute-Forcecowriemalicioussftpssh
Attack Intelligence
MITRE ATT&CK Techniques
T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
Open Ports Detected
22
Geographic Location
Country
Hong Kong
City
Unknown
Region
Unknown
Coordinates
22.2578, 114.1657
Network Information
ASN
AS134548
Organization
DXTL Tseung Kwan O Service
Network
AS134548 DXTL Tseung Kwan O Service
WHOIS Information
NetRange
156.238.0.0 - 156.238.255.255
CIDR
156.238.0.0/16
NetName
AFRINIC-ERX-156-238-0-0
NetHandle
NET-156-238-0-0-1
Parent
NET156 (NET-156-0-0-0-0)
NetType
Transferred to AfriNIC
OriginAS
Organization
African Network Information Center (AFRINIC)
RegDate
2004-05-17
Updated
2015-05-04
Comment
The African & Indian Ocean Internet Registry
Ref
https://rdap.arin.net/registry/entity/AFRINIC
OrgName
African Network Information Center
OrgId
AFRINIC
Address
Lot 19, Cybercity
City
Ebene
StateProv
PostalCode
Country
MU
OrgTechHandle
GENER11-ARIN
OrgTechName
Generic POC
OrgTechPhone
+230 4666616
OrgTechEmail
abusepoc@afrinic.net
OrgTechRef
https://rdap.arin.net/registry/entity/GENER11-ARIN
Attack Logs
Date Target Location Protocol Link
2024-12-06 Singapore SSH View Log

  • Country: Hong Kong
  • Network:
  • Noticed: 17 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia

Malware Detected on Host

Count: 1 5ccfe1030a7ffa132e4b4192af5d97c8d7218580ff8b5cbe0762dc2a6ab9ddac

CVEs Detected

CVE-2023-46724 CVE-2023-46728 CVE-2023-46846 CVE-2023-46847 CVE-2023-46848 CVE-2023-49285 CVE-2023-49286 CVE-2023-49288 CVE-2023-50269 CVE-2023-5824 CVE-2024-23638 CVE-2024-45802

Disclaimer
This page contains threat intelligence information for the IPv4 address 156.238.100.212 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.