IP · Medium confidence · Signal 0/100
192.157.56.139
Location
Buffalo, New York
ASN
AS55286
ServerMania Inc
First Seen
May 14, 2025
Last Seen
May 10, 2026
Found in 2 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Network Information
Country
United States
Region: Buffalo, New York
ASN: AS55286
Organization: ServerMania Inc
Feed Intelligence Summary
Source reports: 2
Confidence score: 0%
Category tags: network, proxy, researched
Activity Timeline: May 10
Threat Activity Heatmap (peak: 2026-05-10)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 2
First seen: May 14, 2025
Last seen: May 10, 2026
Geolocation: US
Country: United States
Location: Buffalo, New York
ASN: AS55286
Org: ServerMania Inc
Coords: 42.8867, -78.8927
VirusTotal
Not checked
WHOIS
- description
- Imported indicator
- raw
- NetRange: 192.157.48.0 - 192.157.63.255
  CIDR: 192.157.48.0/20
  NetName: B2-NET-SOLUTIONS
  NetHandle: NET-192-157-48-0-1
  Parent: NET192 (NET-192-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: B2 Net Solutions Inc. (BNS-34)
  RegDate: 2012-10-22
  Updated: 2020-10-14
  Ref: https://rdap.arin.net/registry/ip/192.157.48.0
  OrgName: B2 Net Solutions Inc.
  OrgId: BNS-34
  Address: 205-1040 South Service Road
  City: Stoney Creek
  StateProv: ON
  PostalCode: L8E 6G3
  Country: CA
  RegDate: 2011-10-24
  Updated: 2024-11-25
  Comment: https://servermania.com
  Ref: https://rdap.arin.net/registry/entity/BNS-34
  ReferralServer: rwhois://whois.servermania.com:4321
  OrgAbuseHandle: NOC33347-ARIN
  OrgAbuseName: Network Operations Center
  OrgAbusePhone: +1-716-745-4678
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC33347-ARIN
  OrgTechHandle: NOC13339-ARIN
  OrgTechName: Network Operations Center
  OrgTechPhone: +1-716-745-4678
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/NOC13339-ARIN
  OrgNOCHandle: NOC13339-ARIN
  OrgNOCName: Network Operations Center
  OrgNOCPhone: +1-716-745-4678
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/NOC13339-ARIN
  OrgAbuseHandle: NOC13339-ARIN
  OrgAbuseName: Network Operations Center
  OrgAbusePhone: +1-716-745-4678
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC13339-ARIN
  RAbuseHandle: ABUSE8009-ARIN
  RAbuseName: Abuse Department
  RAbusePhone: +1-647-846-0310
  RAbuseEmail: [email protected]
  RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8009-ARIN
- references
IOC Journey
Medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 2 threat reports