157.240.26.35 Threat Intelligence and Host Information

General

This page contains threat intelligence for the IPv4 address 157.240.26.35. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to support enrichment of security events with context. All information is gathered passively, by aggregating public sources and by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks behind the address. In this case the address sits in AS32934 (Facebook, Inc.) and its passive DNS history resolves to facebook.com, fbcdn.net and related domains, so it is shared infrastructure serving many unrelated users: the indicators listed below say more about content and samples that touched Facebook's edge than about an attacker-controlled host, and the score should be treated as low-fidelity for blocking decisions.

Likely Malicious Host 🟠 54/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1056.001 - Keylogging, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.002 - File Transfer Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1210 - Exploitation of Remote Services, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1485 - Data Destruction, T1491.001 - Internal Defacement, T1560 - Archive Collected Data, T1602.001 - SNMP (MIB Dump), TA0011 - Command and Control

  • Tags: accept, address, adware, agent, alexa, alexa top, amazon 02, apple, applicunwnt, artemis, ascii text, attacker, azorult, bank, blacklist, blacklist https, blacknet rat, body length, cisco umbrella, ck id, class, cleaner, click, cobalt strike, collections, contacted, contacted urls, count blacklist, crack, critical, crypto, cve201711882, cyber threat, date, deepscan, detection list, DNS_PROBE_STARTED, downldr, download, downloader, efr1, emotet, error, execution, exploit, facebook, fareit, file, final url, firm, font format, fusioncore, generator, genkryptik, genpack, goldfinder, goldmax, heur, historical ssl, http response, https://boxofporn.com, hybrid, iframe, illegal, indicator, insurance, ip summary, kb body, legal entities, local, magazine, malicious, malicious site, malicious url, maltiverse, malware, malware site, metro, million, mimikatz, mitm, mitre att, mobigame, monitoring, opencandy, parent domain, pattern match, PAYPAL phishing, phish, phishing, Phishing Bank of America Corporation, Phishing eBay Inc, Phishing Facebook, Phishing Indeed, Phishing Internal Revenue Service, Phishing Netflix, Phishing RuneScape, phishing site, Phishing Wells Fargo, phishtank, PhisSafe, Phtarget unspecified phishing, pmejdjsu12, presenoker, privilege, quasar rat, redline stealer, referrer, remote, resolutions, revenge, riskware, Royal Bank of Scotland, runescape, safe site, sample, samples, self, service, serving ip, sha256, siblings domain, sibot, site, ssl certificate, status code, stealer, stream, strings, summary, suspicious, tag count, team, tower, trojan, trojanspy, truetype, tsara brashears, united, unknown, unsafe, url summary, wacatac, web open, whois record, win64, windows nt, worm, xrat, xtrat, xtreme, zbot

  • JARM: 27d27d27d00000000041d43d00041dcd947229d467ddf1b9b05cf29440ee27

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network: AS32934 (Facebook, Inc.)
  • Noticed: 2 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America
  • Passive DNS Results: angelaonfacebook.com, fbsbx.com, fb.me, fbcdn.net, fb.com, star-mini.c10r.facebook.com, m.facebook.com, facebook.com, www.facebook.com
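The JARM value listed above is a fingerprint of the TLS server configuration on the host, not a verdict. The Python below is an added example (not code from this page or from the JARM project) that decodes the fingerprint's structure according to the published JARM format: ten three-character probe results, each two hex characters of index into JARM's fixed cipher table plus one letter encoding the version field of the ServerHello, followed by 32 hex characters of truncated SHA-256 over the ALPN and extension-order string. The version-letter mapping is the reference implementation's; the cipher index is reported as a raw number because resolving it needs the reference cipher table, which this example does not reproduce. The second fingerprint used in the comparison is constructed for illustration. The comparison helper shows the check a practitioner actually wants: how many probes two hosts answer identically, because a CDN edge such as Facebook's shares one fingerprint across many addresses, so a JARM match means "same TLS stack", not "same operator".

```python
"""Decode and compare JARM TLS-server fingerprints.

Added example; not code from the threat-intel page or the JARM project.
Format assumed (public JARM format / reference jarm.py):
  - 10 probe results x 3 chars = 30 chars: two hex chars giving the
    index of the negotiated cipher in JARM's fixed cipher table ("00"
    if the probe drew no ServerHello) and one letter for the version
    field of that ServerHello ("0" if no ServerHello)
  - 32 chars: SHA-256 of the ALPN and extension-order string across
    all probes, truncated to 32 hex chars
"""
from dataclasses import dataclass
from typing import Tuple

# JARM encodes a ServerHello version of 0x030N as letter N of "abcdef".
# TLS 1.3 servers put 0x0303 in that legacy field (RFC 8446), so they
# normally fingerprint as "d" as well.
VERSION_LETTERS = {
    "0": "no response",
    "a": "SSLv3",
    "b": "TLS 1.0",
    "c": "TLS 1.1",
    "d": "TLS 1.2",
    "e": "TLS 1.3",
}

# All-zero fingerprint: nothing on the port answered any probe with TLS.
NULL_JARM = "0" * 62


@dataclass(frozen=True)
class Probe:
    number: int        # 1..10, in the reference scan order
    cipher_index: int  # index into JARM's cipher table; 0 = none
    version: str       # decoded VERSION_LETTERS value

    @property
    def answered(self) -> bool:
        return self.version != "no response"


@dataclass(frozen=True)
class Jarm:
    probes: Tuple[Probe, ...]
    extension_hash: str  # truncated SHA-256, 32 hex chars

    @property
    def is_null(self) -> bool:
        no_hello = all(not p.answered for p in self.probes)
        return no_hello and set(self.extension_hash) == {"0"}


def parse_jarm(fingerprint: str) -> Jarm:
    """Split a 62-char JARM into its ten probe results and extension hash."""
    fp = fingerprint.strip().lower()
    if len(fp) != 62:
        raise ValueError(f"JARM must be 62 characters, got {len(fp)}")
    probes = []
    for i in range(10):
        cipher_hex, version_letter = fp[3 * i:3 * i + 2], fp[3 * i + 2]
        if version_letter not in VERSION_LETTERS:
            raise ValueError(f"probe {i + 1}: bad version letter {version_letter!r}")
        cipher_index = int(cipher_hex, 16)  # raises on non-hex input
        # A probe either produced a ServerHello (cipher and version both
        # set) or it did not (both zero); anything else is malformed.
        if (cipher_index == 0) != (version_letter == "0"):
            raise ValueError(f"probe {i + 1}: inconsistent result {cipher_hex}{version_letter}")
        probes.append(Probe(i + 1, cipher_index, VERSION_LETTERS[version_letter]))
    extension_hash = fp[30:]
    int(extension_hash, 16)  # validate that the hash part is hex
    return Jarm(tuple(probes), extension_hash)


def answered_probes(j: Jarm) -> list:
    """Probe numbers that drew a ServerHello."""
    return [p.number for p in j.probes if p.answered]


def compare(a: Jarm, b: Jarm) -> dict:
    """Probe-by-probe agreement between two fingerprints."""
    matching = sum(
        1 for x, y in zip(a.probes, b.probes)
        if (x.cipher_index, x.version) == (y.cipher_index, y.version)
    )
    same_ext = a.extension_hash == b.extension_hash
    return {
        "matching_probes": matching,
        "same_extensions": same_ext,
        "identical": matching == 10 and same_ext,
    }


def summarize(j: Jarm) -> str:
    """Human-readable breakdown, one line per probe."""
    lines = [f"probe {p.number:2d}: cipher#{p.cipher_index:02x} {p.version}" for p in j.probes]
    lines.append(f"extensions: sha256[:32]={j.extension_hash}")
    return "\n".join(lines)


# Fingerprint recorded for 157.240.26.35 on this page.
PAGE_JARM = "27d27d27d00000000041d43d00041dcd947229d467ddf1b9b05cf29440ee27"

# Constructed for the comparison below, not a real observation: same ten
# probe results as PAGE_JARM but a different (all-zero) extension hash.
CONSTRUCTED_JARM = PAGE_JARM[:30] + "0" * 32

if __name__ == "__main__":
    page = parse_jarm(PAGE_JARM)
    print(summarize(page))
    print("probes answered:", answered_probes(page))
    print("vs constructed:", compare(page, parse_jarm(CONSTRUCTED_JARM)))
    print("null fingerprint:", parse_jarm(NULL_JARM).is_null)
```

For this host the decode shows that probes 4, 5, 6 and 9 drew no ServerHello while the rest negotiated TLS 1.2 with two different cipher-table entries; that pattern, plus the extension hash, is what any other Facebook edge address would reproduce. Pivoting on a JARM is most useful the other way round: when a fingerprint matches a C2 framework's known default TLS configuration across otherwise unrelated hosts.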

Malware Detected on Host

Count: 768 (10 SHA-256 hashes listed)
cf9cf39f511870cf1c03897df267d9aff4c56fca2b966891ff14641bc6143ad6
cd34758800f83a5ad7d6c50264afb20864bc8da93e6f30dcff4e17c66b337bb6
360f2e3390808a7d73751675872544708721a7701c134e04cdb4d1fda701d0f1
2d25c3b230c53895a5e0b1b5de056d68cb9ae802416cefc672c5fb77dddf4a30
faf2ccd3002fad3a56e5f0224112a968db065d22159ab1c78b8c5659eea4b027
f265a246ad84fd9013020fbd64e85b2e50baa83878bc624277eedcb6d3017e9e
5024b189809fad79cf7a9164be7fb3796f6c6f0b35d8205398c9bac9474f9d1c
abbf8b049eb87fe1a648e60eb8adc73049ea678a077e59e8834cb4459a100c47
47cb4d3b6f6ab5ddc225c4d77699e4bccd0ea395929b61184cc33d7637f0b823
d2e5ebab9335c30b66fbb11edacd401178b2c722470548f563b3ef7d2710d74d

Open Ports Detected

80, 443
