162.159.240.165 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 162.159.240.165 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks behind the address.
Likely Malicious Host 🟠 60/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1059.007 - JavaScript, T1070.003 - Clear Command History, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1147 - Hidden Users, T1497 - Virtualization/Sandbox Evasion
- Tags: a1mara, afro, agent, alexa, alexa top, apple, apple ios, army, artemis, azorult, bank, blacklist https, brashears, camera, cisco umbrella, connect, crypto, description sid, downldr, download, emotet, et tor, event category, exit, exploit, facebook, fuery, genkryptik, hacktool, heur, http traffic, iframe, iocs, isp stuff, july, june, known tor, malicious site, malicious url, malware, million, milum botnet, mimikatz, misc attack, misp, node traffic, opencandy, password, phishing, pornhub, powershell, presenoker, relayrouter, riskware, runescape, safe site, scanning_host, service, site, ssl certificate, suricata alerts, team, threat roundup, travel stuff, trojan, tsara, tsara brashears, tulach, union, unsafe, wacatac, webabo, websma, whois, whois record, whois whois
- View other sources: Spamhaus, VirusTotal
- Country:
- Network:
- Noticed: 5 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: United States of America
- Passive DNS Results: ns4.ns1.ns2.ns4.ns3.ns2.jomton.ru websearchfeedsearch.winnering.net winnering.net photos.ummat.net www.ummat.net modeltoycars.com ummat.net vast.winnering.net www.modeltoycars.com direct_pop.winnering.net securis.com www.securis.com motorbikeunderwriters.com colegioarautos.com.br www.providenthousing.com windkracht5.nl img.elbi.com providenthousing.com www.screaminpeach.com en.gaudiumpress.org www.345build.com.cdn.cloudflare.net playfors.com www.interiorsforbusiness.com www.interiorsforbusiness.com.cdn.cloudflare.net www.litecoin.org www.surreyendo.com www.crystalcoutureinc.com gaudiumpress.org litecoin.org es.gaudiumpress.org www.customstamps.com www.gaudiumpress.org www.anticensura.it hinoperu.com.pe www.hinoperu.com.pe www.345build.com www.dizzcloud.com dizzcloud.com st.dizzcloud.com download.litecoin.org screaminpeach.com
Malware Detected on Host
Count: 15 (10 sample hashes listed)
- 659de642c1fc123251e3e2a0c298dbc87a83dcc6f30048c137f1bb8c56b7cf90
- 501f119ffeea13f2f2f1c03e81723e037b6f84f7d58f6e363303f115cd5cf983
- c0b5e1c4f2378971fbab65c5083fbe3556a44ad521c39f4a8ac93dde628cd7c3
- ad25451d40364a3eab4ca56f8b9093723ca8fd67aa82da160f61ab440e92336d
- 2155a3a315194f5a861d66d1906c9a43060a5128193ecc13856c073a1a19d11c
- 6a616dde5e1a2aa6e1575aa14d7e05b7968e8e97ff3bd74b7f74d141667f113c
- fb4ca7ee18c917747c6189dc75c94b9b9728d2e469d532f8095789db81c76d04
- 1a36bb32b2fbce498881d1926142662eb86cb12c6e77eaf6b0407dd7a19b0c31
- b563a65f1214b3d9a149977731b8e45dbbfacf8cbf5148a475b5cd98e1a69167
- 7ba6c810a6e53d1a15fc9843fa237f26fff6f2502c49ac0dfed059e6627e2b78
Open Ports Detected
80, 443, 2053, 2082, 2083, 2086, 2087, 2096, 8443, 8880
Whois Information
- NetRange: 162.158.0.0 - 162.159.255.255
- CIDR: 162.158.0.0/15
- NetName: CLOUDFLARENET
- NetHandle: NET-162-158-0-0-1
- Parent: NET162 (NET-162-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2013-05-23
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/162.158.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-07-10