157.245.252.101 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 157.245.252.101. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 35/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network: AS14061 digitalocean llc
  • Noticed: 29 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: incfinances-api.joaopedrobeckland.dev, latinsec19.rtfm-ctf.org

Malware Detected on Host

Count: 1 c27b64277c3d14b4c78f42ca9ee2438b602416f988f06cb1a3e026eab2425ffc

Open Ports Detected

10134 1025 1026 10443 10909 10911 1099 111 11371 1153 1521 16010 16030 161 175 1801 18081 18553 1883 1925 2008 2010 2087 21 2121 2122 22 2222 2323 2332 2761 2762 28017 30003 3001 3050 3062 311 32400 3260 340 3479 3551 3555 3689 37215 3749 3780 3793 389 443 4443 5001 5006 5009 5010 5201 52869 5357 5435 55443 5801 587 5900 593 5938 6002 6080 62078 636 6443 666 6697 70 7081 7434 7548 771 7779 7989 8000 8009 8060 8085 8086 81 8103 8139 8140 8200 8243 8333 8404 8413 8545 8585 8728 8802 8870 8889 9001 9009 9026 9027 9050 9100 9307 9443 9600 9943

Whois Information

  • NetRange: 157.245.0.0 - 157.245.255.255
  • CIDR: 157.245.0.0/16
  • NetName: DIGITALOCEAN-157-245-0-0
  • NetHandle: NET-157-245-0-0-1
  • Parent: NET157 (NET-157-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS14061
  • Organization: DigitalOcean, LLC (DO-13)
  • RegDate: 2019-05-09
  • Updated: 2020-04-03
  • Comment: Routing and Peering Policy can be found at https://www.as14061.net
  • Comment:
  • Ref: https://rdap.arin.net/registry/ip/157.245.0.0
  • OrgName: DigitalOcean, LLC
  • OrgId: DO-13
  • Address: 101 Ave of the Americas
  • Address: FL2
  • City: New York
  • StateProv: NY
  • PostalCode: 10013
  • Country: US
  • RegDate: 2012-05-14
  • Updated: 2023-10-23
  • Ref: https://rdap.arin.net/registry/entity/DO-13
  • OrgNOCHandle: NOC32014-ARIN
  • OrgNOCName: Network Operations Center
  • OrgNOCPhone: +1-347-875-6044
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
  • OrgAbuseHandle: ABUSE5232-ARIN
  • OrgAbuseName: Abuse, DigitalOcean
  • OrgAbusePhone: +1-347-875-6044
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
  • OrgTechHandle: NOC32014-ARIN
  • OrgTechName: Network Operations Center
  • OrgTechPhone: +1-347-875-6044
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

Links to attack logs

  • bruteforce-ip-list-2020-09-21
  • bruteforce-ip-list-2020-09-14