Notable Threat
IP 185.156.73.166 is a moderate-to-high-risk address originating from Ukraine that has been flagged in 2,518 abuse reports, predominantly for port-scanning activity against Cisco ASA firewall infrastructure. With a threat level of 7 out of 10 and a 76 percent confidence score, this IP presents a clear and documented reconnaissance threat to exposed network perimeter devices. The address was first reported in August 2025 and most recently documented in April 2026, indicating sustained hostile probing over approximately eight months. Although activity frequency is currently rated at zero out of ten, the sheer volume of historical reports establishes this as a persistently problematic source that warrants continued monitoring or permanent blocking.
All 2,518 reports attributed to this IP originated from automated honeypot sensors, which recorded systematic Cisco ASA port-scan and probe patterns against exposed firewall management interfaces. The network is registered to FOP Dmytro Nedilskyi under ASN AS211736 in Ukraine. The consistent focus on Cisco ASA appliances is notable, because these devices are commonly deployed as enterprise perimeter firewalls and VPN concentrators, so a hit against one is a hit against an organisation's front door. The absence of current activity (activity frequency 0/10) combined with a last report date of April 2026 means only that no reports have been filed in the recent scoring window; it is consistent with the campaign having paused or with honeypot coverage having shifted, and does not show that the threat has been neutralized. Scanning campaigns of this kind commonly resume from different source addresses once an IP is widely blocklisted, so this address should be treated as one indicator within a larger operation rather than the operation itself.
Port scanning represents a critical early stage of targeted attacks, enabling threat actors to map exposed services, identify unpatched vulnerabilities and plan subsequent intrusion attempts. When scans specifically target Cisco ASA devices, the risk escalates considerably because these appliances often terminate VPN tunnels, provide remote access and front external-facing authentication. A successful reconnaissance profile of an ASA device could expose opportunities for exploiting known vulnerabilities, brute-forcing management interfaces or identifying misconfigured access-control rules. The scale and duration of scanning activity from IP 185.156.73.166 indicate deliberate, automated probing rather than incidental contact. Blocking the address is a reasonable first response, but because scanners rotate infrastructure, the durable control is not to expose ASA management interfaces to the internet at all and to restrict VPN and administrative access to the narrowest source ranges the environment allows.
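The following is an added example, not code from the original report or from any of the sources it cites. It shows the two checks a defender would actually run on honeypot or perimeter logs after reading the report: a plain indicator match against the IP above, and a behavioural check that flags any source hitting several distinct destination ports on one host inside a short window, which catches the same probing when it comes from an address not yet on a blocklist. The log format, timestamps and all addresses other than 185.156.73.166 are constructed for the example (the format is not real ASA syslog), and the ACL name in the generated block rule is an assumption.

```python
"""Added example: indicator match plus vertical port-scan detection over constructed honeypot logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# The only real value in this block: the indicator from the report above.
KNOWN_BAD = {"185.156.73.166"}

# Constructed sample log lines in a hypothetical honeypot format (not real ASA syslog):
# "<ISO-8601 timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <flag>"
SAMPLE_LOG = """\
2026-04-02T10:15:01Z 185.156.73.166:51234 -> 203.0.113.10:443 tcp SYN
2026-04-02T10:15:02Z 185.156.73.166:51235 -> 203.0.113.10:8443 tcp SYN
2026-04-02T10:15:02Z 185.156.73.166:51236 -> 203.0.113.10:22 tcp SYN
2026-04-02T10:15:03Z 185.156.73.166:51237 -> 203.0.113.10:4443 tcp SYN
2026-04-02T10:15:04Z 185.156.73.166:51238 -> 203.0.113.10:10443 tcp SYN
2026-04-02T10:15:05Z 198.51.100.7:40001 -> 203.0.113.10:443 tcp SYN
2026-04-02T10:15:06Z 198.51.100.7:40002 -> 203.0.113.10:443 tcp SYN
2026-04-02T10:15:07Z 198.51.100.7:40003 -> 203.0.113.10:443 tcp SYN
2026-04-02T11:15:07Z 198.51.100.7:40004 -> 203.0.113.10:22 tcp SYN
"""


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "->":
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    src_ip, _src_port = parts[1].rsplit(":", 1)
    dst_ip, dst_port = parts[3].rsplit(":", 1)
    return {"ts": ts, "src": src_ip, "dst": dst_ip,
            "dport": int(dst_port), "proto": parts[4], "flag": parts[5]}


def detect_scanners(lines, window=timedelta(seconds=60), min_ports=3):
    """Return {src: sorted distinct dst ports} for every source that touched at least
    `min_ports` distinct destination ports on a single host within `window`.
    Repeated hits on one port (e.g. legitimate retries) do not count."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))
    hits = {}
    for (src, _dst), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window's left edge until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                hits.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in hits.items()}


def classify(src, scanners):
    """Indicator match takes precedence over behavioural detection."""
    if src in KNOWN_BAD:
        return "known-indicator"
    if src in scanners:
        return "scan-behaviour"
    return "no-finding"


def asa_block_rule(ip, acl_name="OUTSIDE_IN"):
    """Cisco ASA extended ACL entry dropping all traffic from `ip`; the ACL name is an assumption."""
    return f"access-list {acl_name} extended deny ip host {ip} any"


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    scanners = detect_scanners(lines)
    for src in sorted({parse_line(l)["src"] for l in lines}):
        print(f"{src:16} {classify(src, scanners)} ports={scanners.get(src, [])}")
    for src in scanners:
        print(asa_block_rule(src))
```

With the constructed input, 185.156.73.166 is flagged both by the indicator list and by the behavioural rule (five distinct ports in four seconds), while 198.51.100.7 is not, because its repeated connections to 443 are a single port and its later hit on 22 falls outside the 60-second window. Tune `window` and `min_ports` to the sensor's traffic; the thresholds here are illustrative.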