112.213.89.38 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 112.213.89.38 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 75/100

Host and Network Information

  • Mitre ATT&CK IDs: T1012 - Query Registry, T1018 - Remote System Discovery, T1027.002 - Software Packing, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1043 - Commonly Used Port, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1071.001 - Web Protocols, T1071.004 - DNS, T1094 - Custom Command and Control Protocol, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1204 - User Execution, T1215 - Kernel Modules and Extensions, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1457 - Malicious Media Content, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1583.005 - Botnet, TA0003 - Persistence, TA0005 - Defense Evasion, TA0011 - Command and Control

  • Tags: (auto-generated tag cloud omitted)

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: hphosts_emd, hphosts_fsa, hphosts_pha, hphosts_psh

  • Country: Vietnam
  • Network:
  • Noticed: 6 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, United States of America

Malware Detected on Host

Count: 247 (sample SHA-256 hash list omitted)

Open Ports Detected

80

Whois Information

  • inetnum: 112.213.80.0 - 112.213.95.255
  • netname: SUPERDATA-VN
  • descr: SUPER ONLINE DATA JOINT STOCK COMPANY
  • descr: 196 Nguyen Dinh Chieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City
  • country: VN
  • admin-c: PTTL3-AP
  • tech-c: PTTL3-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-VN-VNNIC
  • mnt-lower: MAINT-VN-VNNIC
  • mnt-routes: MAINT-VN-VNNIC
  • mnt-irt: IRT-VNNIC-AP
  • last-modified: 2024-12-21T09:09:52Z
  • irt: IRT-VNNIC-AP
  • address: Ha Noi, VietNam
  • phone: +84-24-35564944
  • fax-no: +84-24-37821462
  • e-mail: hm-changed@vnnic.vn
  • abuse-mailbox: hm-changed@vnnic.vn
  • admin-c: NTTT1-AP
  • tech-c: NTTT1-AP
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2017-11-08T09:40:06Z
  • person: Pham Thi Thuy Linh
  • address: SUPERDATA-VN
  • country: VN
  • phone: +84-28-73035777
  • e-mail: info@superdata.vn
  • nic-hdl: PTTL3-AP
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2018-04-11T01:50:18Z
  • route: 112.213.89.0/24
  • origin: AS45544
  • descr: Vietnam Internet Network Information Center (VNNIC)
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2022-03-01T12:19:52Z
