94.156.232.116 Threat Intelligence and Host Information

Jun 04, 2026 ipinfopage

General

IP Address

94.156.232.116

IPv4 Address

Location

🇧🇬 Sofia, Bulgaria

Network

AS43561

NET1 Ltd.

Threat Score

35/100

Medium Risk

2026-06-07abuseactive-attackanti-botaptblacklistblocklistBlocklist

Attack Intelligence

MITRE ATT&CK Techniques

T1595 - Active Scanning

Geographic Location

Country

Bulgaria

City

Sofia

Region

Sofia-Capital

Coordinates

42.6951, 23.3250

Network Information

ASN

AS43561

Organization

NET1 Ltd.

Network

AS43561 NET1 Ltd.

WHOIS Information

inetnum

94.156.232.0 - 94.156.232.255

netname

H2NEXUS

descr

H2.NEXUS Frankfurt Network

org

ORG-HL375-RIPE

country

admin-c

HL5106-RIPE

tech-c

HL5106-RIPE

mnt-domains

NEXUS-MNT

mnt-routes

NEXUS-MNT

status

ASSIGNED PA

mnt-by

NEXUS-MNT

created

2025-07-22T23:54:13Z

last-modified

2025-07-22T23:54:13Z

organisation

ORG-HL375-RIPE

org-name

H2NEXUS LTD

org-type

OTHER

address

71-75, Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

abuse-c

HL5106-RIPE

mnt-ref

MNT-NETERRA

role

H2NEXUS LTD

abuse-mailbox

abuse@h2.nexus

nic-hdl

HL5106-RIPE

route

94.156.232.0/24

origin

AS215730

Attack Logs

Date	Target Location	Protocol	Link
2026-05-31	Vultrtokyo	SSH	View Log

Country: Bulgaria
Network:
Noticed: 15 times
Protocols Attacked: portscan ssh telnet
Countries Attacked: China, Denmark, Germany, Norway, Russian Federation, Sweden, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: www.hearlesproffealres.click www.benseonnoasd.click cokyakindageliyoruz.com cokyakindabiliyorsunuz.com yakinlardayizamcalar.com kkyoldalargeliyorlar.com geliyoruzazkaldi.com benseonnoasd.click valicanetes.com garantisazcanes.com hearlesfarlesevovigo.click hearlesproffealres.click efecanitesmeris.com nicelardenis.com cokyakindahepinizi.com kkmocmndasd.click kmnndadskfkkf.space

Disclaimer

This page contains threat intelligence information for the IPv4 address 94.156.232.116 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.