178.218.165.214 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 178.218.165.214 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 52/100

Host and Network Information

  • Mitre ATT&CK IDs: T1036 - Masquerading, T1038 - DLL Search Order Hijacking, T1041 - Exfiltration Over C2 Channel, T1052.001 - Exfiltration over USB, T1415 - URL Scheme Hijacking

  • Tags: address, august, body length, cmd, contacted, december, dga malvertizing, dga parking, download, dtrack, execution, final url, ghost rat, headers, hijacker, historical ssl, http response, installer, kb body, malware, malware hosting, masquerading, monitoring, msie, nginx, october, parked domain, parking crew, raspberry robin, referrer, service, serving ip, sha256, ssl certificate, status code, threat roundup, whois record, worm

  • View other sources: Spamhaus, VirusTotal

  • Country: Croatia
  • Network:
  • Noticed: 1 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 51

  • 9be49e6a113caf6d461b0b255f128d59cf19ea834e678d49b449782838c4e859
  • b7803faecc3214500c4e120bbd0c553be6a750b3e05c128e58d50ede84087f4e
  • fc4a0bed7b9e575eee16c5dbfe91aedaa27b894cdf3d2e04e20c6c6a3737a29c
  • 3a5aa2f6293fd2f38fd5a85991524152352d348236e1f95abad257382ce898a3
  • c4825d21adc07564e94055ec0bd6e428a715a83835423ede233c6ac724d01e80
  • dd4e0dfea2981bda608e58eb9145f1bed078df5d089663446275edb617e4c5be
  • f9cbae95a003e13cfff55ddbaa4260917584a73b1896463bd9db2a234acce23a
  • fbd57ee2b60de3d3954461768a8e03cc78323d025c0e5f06192bb99b7f70ec9a
  • c8ce580a68204b237216124a607b1a8a25249160b1f47869b1593ecbeaf76b22
  • dfd9505fa6fa15f7c7ec247c175b4c812125861f180013956ec7781f1fedf0a1

Links to attack logs

****** ****** ******