IOC Radar
IP · Medium · Signal 55/100

144.208.127.155

Location: United States, New York, NJ
ASN: AS395092, Shock Hosting LLC
First Seen: Oct 27, 2023
Last Seen: Jun 9, 2026
Reports: 7 source reports
Confidence: 55% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context
Tags

Network Information

Country: US (United States)
Region: New York, NJ
ASN: AS395092
Organization: Shock Hosting LLC

Feed Intelligence Summary

Source reports: 7
Confidence score: 55%
Category tags: abcdoor, abuse, access, active scan, ai phishing, alienvault_ransomware, apt, asia, autonomous attack, avast, aws credential replay, bad reputation, bianlian, blast, bluenoroff, brute force, c2, c2s ip, check point, china apt, cloudflare workers egress, command & control, credential stuffing, credential-stealer, data-exfiltration, data-extortion, dprk, education, engineering, exploitation activity, hacking, identity & access exploitation, ikev1, indicator, infostealer, iot security, lateral movement, llm agent, malware, marimo rce, mobile access, nation-state activity, network, north america, okta credential theft, phishing, post-exploitation, qilin, qilin linux, ransomware, remote access, research, researched, saas extortion, scanner, shinyhunters, silver fox, sso phishing, tactics, taiwan, tax phishing, threat actor, threat-intelligence, unc6661, unc6671, united states, us, utg-q-1000, valleyrat, vishing, vpn remote

Activity Timeline

1 total obs · Jun 9 to Jun 9

Threat Activity Heatmap

Peak: 2026-06-09
[Heatmap: activity by weekday (Mon, Wed, Fri) per month, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 7
First seen: Oct 27, 2023
Last seen: Jun 9, 2026
Geolocation: US
Country: United States
Location: New York, NJ
ASN: AS395092
Org: Shock Hosting LLC
Coords: 40.5511, -74.4606

VirusTotal

Not checked

WHOIS

description
Attacker IP in Check Point VPN zero-day campaign — confirmed IOC from Rapid7 and Check Point SK185033 advisory.
raw
NetRange: 144.208.124.0 - 144.208.127.255
CIDR: 144.208.124.0/22
NetName: SH-335
NetHandle: NET-144-208-124-0-1
Parent: NET144 (NET-144-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Shock Hosting LLC (SH-335)
RegDate: 2016-05-18
Updated: 2021-12-10
Ref: https://rdap.arin.net/registry/ip/144.208.124.0
OrgName: Shock Hosting LLC
OrgId: SH-335
Address: 371 Hoes Lane, Suite 200
City: Piscataway
StateProv: NJ
PostalCode: 08854
Country: US
RegDate: 2014-11-21
Updated: 2020-09-26
Ref: https://rdap.arin.net/registry/entity/SH-335
OrgAbuseHandle: ABUSE4915-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-732-812-8024
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4915-ARIN
OrgNOCHandle: NOC32119-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-732-812-8022
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32119-ARIN
OrgTechHandle: SUPPO1542-ARIN
OrgTechName: Support Department
OrgTechPhone: +1-732-812-8022
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/SUPPO1542-ARIN
references
https://www.decryptiondigest.com, https://redacted.com/blog/bianlian-ransomware-gang-continues-to-evolve/?&web_view=true, https://redacted.com/blog/bianlian-ransomware-gang-continues-to-evolve/

IOC Journey

medium
First detected 2 years ago · Last seen 5 days ago
Appeared in 7 threat reports