178.162.212.214 Threat Intelligence and Host Information

Oct 24, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 178.162.212.214 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

Mitre ATT&CK IDs: T1012 - Query Registry, T1023 - Shortcut Modification, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1040 - Network Sniffing, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1129 - Shared Modules, T1204 - User Execution, T1480 - Execution Guardrails, T1566 - Phishing, T1568 - Dynamic Resolution
Tags: address, a domains, agent tesla, amadey, amazon02, android, as16509, as701 verizon, as9318 sk, ascii text, asn16509, asn as16509, august, australia asn, authority, avast avg, belarus, bittorrent dht, blacklist host, bladabindi, body, button, canada, certificate, cisa, ck id, click, cloud provider, command, copy, copy md5, copy sha1, copy sha256, cvss, cvss base, cyberpower, cyber security, dadobra, data upload, date, date hash, ddos, defense evasion, delete, delphi, destination, dns resolutions, domain, domainpath name, domains, downfall, downloader, entries, error, evasion att, execution, extraction, file defense, files, files ip, files location, files show, first, flag united, form, gafgyt, general, general full, header value, high, history https, hostile, hostname, http, hybrid, informative, intel, ioc, ip address, ipv4, journal, june, kb5029244, kb5029263, knight, label, l data, learn, less whois, light, local, location united, look, lowfi, malicious, malware, malware url, media, medium, merlin, microsoft, mirai, mitre att, montreal, moved, mozilla, ms windows, name tactics, next, next associated, Nextray, njw0rm, none indicator, nsisinetc, null, page url, palantir, passive dns, patch tuesday, path, pattern match, pe32, persistence, phishing, please, port, present aug, present dec, present feb, present jul, present jun, present may, protocol h2, pulse pulses, pulse submit, qakbot, qbot, rats, read c, record value, refresh, regdword, registrar, regopenkeyexa, regsetvalueexa, related nids, related tags, remember, restart, returnur, reverse dns, rhysida, screenshot, script urls, search, security tls, segoe ui, self, servers, service, sha1, sha256, show, showing, show technique, skidmap, skidmap linux, software envoy, south korea, span, spawns, sqlite rollback, statc, status, strings, suspicious, sydney, t1480 execution, title login, tools, type, ukraine, united, unknown, unknown ns, unknown related, url add, url analysis, url http, url https, urls, value, verify, virtool, week rank, whirlpool, win32, win64, windows, windows nt, write, write c, xworm, yashma
View other sources: Spamhaus VirusTotal
Contained within other IP sets: blocklist_net_ua, greensnow

Country: Germany
Network:
Noticed: 50 times
Protocols Attacked: SSH
Countries Attacked: Belarus, Bulgaria, Canada, China, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America, Viet Nam
Passive DNS Results: servsscrme.direct.quickconnect.to pentester02.duckdns.org 434864347.ddnsfree.com 434864347.casacam.net yntra.org servicepoint.duckdns.org infoprokaps.ddns.net remuxer.tandt-web.de server.tandt-web.de dico.is-saved.org 434864347.com mge-04071973.direct.quickconnect.to mge1910.myds.me niraj.direct.quickconnect.to timairvpn.ddns.net yirkkiller2.direct.quickconnect.to yirkkiller2.synology.me xchilogs.duckdns.org regiskm67.buyshouses.net neverdiemosole.thruhere.net neverdiemosole.is-a-doctor.com dico.homelinux.net dico.is-a-liberal.com roxy.dynalias.net roxy.is-by.us dico.is-a-hard-worker.com nvdiedico.knowsitall.info imagine.here-for-more.info airiets563.myqnapcloud.com

Malware Detected on Host

Count: 6 15b81b131cf07cb810a573b408c035be5db5f13c4c5d671e5c7fd760e5652955 d451c050d133282912736f5413039065caad06b72b7853914c44404b6a254766 03c376f93694b16411d767bd648451d76eb1e472511a96c421a9e50089cb239b 266a8be2a5bdf60322a3c47d4ccf4fbbb890bd9f92233e55303a99738a819cae 53ffde1e3d8edea727cbf724e3365bc3e701c7a46603720193f80fa15a1b4439 cd713fecc02b6337bcd779166bd159e02f629c4cbee2079df76f0453b86ff77c

Map

Whois Information

inetnum: 178.162.208.0 - 178.162.215.255
netname: Leaseweb
descr: Leaseweb Deutschland GmbH
descr: CDN-DE
country: DE
admin-c: LSWG-RIPE
tech-c: LSWG-RIPE
status: ASSIGNED PA
mnt-by: LEASEWEB-DE-MNT
mnt-lower: LEASEWEB-DE-MNT
mnt-routes: LEASEWEB-DE-MNT
created: 2012-01-09T08:11:53Z
last-modified: 2015-10-01T15:04:41Z
person: RIPE Mann
address: Kleyerstrasse 75-87
address: 60326 Frankfurt am Main
address: Germany
phone: +49 69 2475 2860
fax-no: +49 69 2475 2861
nic-hdl: LSWG-RIPE
mnt-by: LEASEWEB-DE-MNT
created: 2012-03-23T15:55:41Z
last-modified: 2025-07-17T12:58:23Z
route: 178.162.192.0/18
origin: AS28753
mnt-by: LEASEWEB-DE-MNT
created: 2016-11-14T07:54:33Z
last-modified: 2016-11-14T07:54:33Z

Links to attack logs

****** ****** ******

Share on: