156.242.198.173 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 156.242.198.173 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 9/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network: AS132839 power line datacenter
• Noticed: 1 times
• Protcols Attacked: SSH
• Passive DNS Results: 55223333.com sv7b.icu hk2k.icu t8bk.icu wps2.icu a8rq.icu mwk9.icu ib5u.icu p9ah.icu hn7k.icu gr5z.icu qb6a.icu pk9t.icu or7v.icu 7deu.icu 7qoe.icu 5dbe.icu ks1j.icu fvt2.icu rl9d.icu x7bt.icu ay3b.icu a8fd.icu ce3s.icu dyg1.icu c8ts.icu m6lx.icu pu9e.icu oc6n.icu zl6u.icu o9fw.icu z5rs.icu nw8x.icu u1nz.icu om1n.icu urr1.icu fw3s.icu rnm1.icu 5pre.icu fc2d.icu kh3p.icu 6lwj.icu 3qco.icu k7zh.icu xeosgo.icu wtkerr.icu dfrwlj.icu vtfnyp.icu gwmlue.icu sxchnp.icu s3j5d7.icu sfnvtl.icu sjlhpj.icu mhehoe.icu umbtwl.icu uqyqmf.icu idpbmj.icu 8mdp.icu piugnl.icu yhnnav.icu pn37b8.icu pdndbd.icu bajdci1.icu jmafpz.icu osfscc.icu olhbnu.icu odcwjn.icu ehdeuy.icu es6h.icu nuvqwl.icu niushao19.icu rxkgil.icu rmhojr.icu fjywmq.icu fhnpnw.icu

Malware Detected on Host

Count: 2 12c813a662d4cc9230bb13c207e4a30b10ef6e1972dd0d5fed8c3e88b619889b 578525bbc3b03b7e1fbc4ec8f0dc549a9aca2948e5ff93dad8cf010f9038b995

Open Ports Detected

80

CVEs Detected

CVE-2021-3618

Map

Whois Information

• NetRange: 156.242.0.0 - 156.242.255.255
• CIDR: 156.242.0.0/16
• NetName: AFRINIC-ERX-156-242-0-0
• NetHandle: NET-156-242-0-0-1
• Parent: NET156 (NET-156-0-0-0-0)
• NetType: Transferred to AfriNIC
• OriginAS:
• Organization: African Network Information Center (AFRINIC)
• RegDate: 2010-11-03
• Updated: 2010-11-17
• Comment: This IP address range is under AFRINIC responsibility.
• Comment: Please see http://www.afrinic.net/ for further details,
• Ref: https://rdap.arin.net/registry/ip/156.242.0.0
• OrgName: African Network Information Center
• OrgId: AFRINIC
• Address: Level 11ABC
• Address: Raffles Tower
• Address: Lot 19, Cybercity
• City: Ebene
• StateProv:
• PostalCode:
• Country: MU
• RegDate: 2004-05-17
• Updated: 2015-05-04
• Comment: AfriNIC - http://www.afrinic.net
• Comment: The African & Indian Ocean Internet Registry
• Ref: https://rdap.arin.net/registry/entity/AFRINIC
• OrgAbuseHandle: GENER11-ARIN
• OrgAbuseName: Generic POC
• OrgAbusePhone: +230 4666616
• OrgAbuseEmail: abusepoc@afrinic.net
• OrgAbuseRef: https://rdap.arin.net/registry/entity/GENER11-ARIN
• OrgTechHandle: GENER11-ARIN
• OrgTechName: Generic POC
• OrgTechPhone: +230 4666616
• OrgTechEmail: abusepoc@afrinic.net
• OrgTechRef: https://rdap.arin.net/registry/entity/GENER11-ARIN