185.134.245.113 Threat Intelligence and Host Information

Oct 18, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 185.134.245.113 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1045 - Software Packing, T1046 - Network Service Scanning, T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1114 - Email Collection, T1119 - Automated Collection, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1147 - Hidden Users, T1211 - Exploitation for Defense Evasion, T1480 - Execution Guardrails, T1595.001 - Scanning IP Blocks

  • Tags: 33, accept, a domains, adversaries, a file, Alberta, alerts, alive thailand, analysis date, apache, apache x, ascii text, auto-generated security, av detections, benefits, body doctype, cape, certificate, Certificates, checkin, checks, checks adapter, checks system, ck id, ck matrix, click, cname, command, contacted, contact us, content type, copy, customercare, defense evasion, denver highmark, domain, dominet, download, dynamic, dynamicloader, email, emails, encrypt, entries, eregec4, exe upload, file monitor, files, file score, files domain, files location, files related, flag united, gbdyllo, gecko, general, generic http, gmt etag, gmt server, GovAB, high, high automated, highest, host, hosting, hostname, hostname add, hourly rl, html public, http, https, ids detections, inbound, informative, ip address, ipv4, ipv4 add, json, kgs0, khtml, kl0hsy, kls0, learn, local, Malcerts, malware, markus, md5 add, medium, meta, mitre att, modified, moved, mpgph131 hr, mpgph131 lg, mtb sep, name servers, name tactics, next, next associated, ollydbg, onlogon rl, openurl c, outbound, passive dns, path, pattern match, pe file, pe section, powered, prefetch2, process monitor, public folder, pulse pulses, pulses none, pulse submit, queue security, reads, record value, recycle bin, related nids, related tags, residential, reverse dns, script begin, script script, script urls, search, servers, show, Speader, suspicious, t1057, t1480 execution, themida, title, trojan, trojandropper, UAlberta, united, url add, url analysis, urls, users, win32upatre sep, win64, windir, windows, windows nt, write, write c, xml title, x tec, yara detections, yara signature

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: hphosts_emd, hphosts_fsa, hphosts_psh

  • Country: Norway
  • Network:
  • Noticed: 9 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Bahamas, Barbados, Canada, Georgia, Guatemala, Ireland, Japan, Kenya, Mexico, Netherlands, Panama, Philippines, Poland, Sint Maarten (Dutch part), Slovakia, Tanzania United Republic of, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: domener.net www.domener.net www.skandale.party www.ettervern.store varcella.eu www.dintillitsvalgt.online www.mhfoto.online www.bbilpleie.online www.saferdrive.online www.ettervern.online onsagers-acapo.no everinvest.uk www.everinvest.uk www.dropndone.online jakobslivegen1.no www.biobed.site xn–lipdembehandling-nxb.no www.fakturamal.online www.sunde1952.online www.amharisktolketjenester.no bestebil.com ballerina-music.com verktoyvogna.no www.groflegacynorway.org www.neksus.org www.fodetro.online www.sofieeiendom.online www.digredata.online bergenalarm.no www.skykompis.online www.elgounanext.com www.katengros.online www.skills4pilots.store batsiden.no www.matretter.online www.julparoros.com www.idrettstrening.online www.grovtre.online www.the-pilots.store www.brightvideo.cloud nbcc.no www.kreasaga.online ec-play.ch www.ec-play.ch www.softfab.site www.beyond-the-edda.com amateaudio.shop www.amateaudio.shop www.nxtreporting.online www.verdandeeiendom.online www.sulisfjellet.com www.timeorigo.com www.cheffihub.com www.ladymolecule.com www.velforening.com www.visveien.online www.aiviter.online www.sundveien11.no sundveien11.no www.fossvann.com www.fossmineralvannn.com vinda.uk www.nyhagen.tech www.vinda.uk www.amate-audio.shop amate-audio.shop www.digitalsovreignity.org www.byengla.com www.nancyyema.com www.mintfoto.online www.crazydays.online www.plombero.com www.inforze.com www.shklinikken.online www.kernal.online www.coasters2k.com www.emegleren.net bananatree.no lasardina.no www.vindrose.online www.alphamoddelivery.com www.consea.uk krannvann.no ytteroylam.no www.softfab.online aniki.no autohire.no www.veerleronsse.site www.julroros.com sonjalee.no sigstadmoen.no 100pctright.dk amateaudio.store synkr.no candydogz.no ctaqx.tech bjarte.tech threelayerapproach.store xn–familiesammenfring-t4b.store soulandambition.store oksnoen.store theaogwilliam.store midelldigital.store srpskikoreni.no hybr.site hybr.shop helved1992.org meaningprotocol.org 1etg.online skandieducator.online contributiongraph.org lightfestival.online velora.ooo fosensmak.online hsky.online forumbekkestua.online xn–kommuneopprr-5jb.online aplas.online denlilleviking.online hyggehelse.online bekkestuaforum.online xn–kx-1ia.online sikkerhetsbelysning.online xn–familiesammenfringdanmark-ttc.online forumbaerum.online skjbygg.online kulturkonsortiet.online lilleviking.online barnekarusell.online ferievilla.online helved1992.online idya.online h-cloud.online h-sky.online xn–henrietteschnbergerken-hjc.online erken.online metavoli.online tommeras.online rikeauto.online steinkjerfilmklubb.online xn–familiesammenfringidanmark-8wc.online sussauna.online grussalg.online baerumforum.online myssabackyard.online bestebil.online hjernebarken.online bedriftsagent.online lynki.online ctaqx.online xn–slbrok-jua.online xn–barnelpkarusell-bub.online perfectfitsystue.online hjerteklinikkeniharstad.online gammacephei.net pconx.net corecanvas.net www.sinfulview.com kvetta.cloud meaningprotocol.app meaninglayer.app xn–familiesammenfringidanmark-8wc.com highkitesconsult.com meaningprotocol.com xn–familiesammenfringdanmark-ttc.com helved1992.com midelldigital.com xn–familiesammenfring-t4b.com ebutshafu.com ecotidegroup.com roxiewilder.com energicontainer.com akklimatisering.com busemekk.no ctaqx.com arne-klein.eu sisteprofet.com theaogwilliam.com evsnorway.no bo12borettslag.no senseglobalhealth.eu hobosheim.eu makronlykke.no kihus.se dokumaker.se bidflow.eu umscom.no doyourdaily.com xn–elvirakonomi-0jb.com elviraokonomi.com lyslolabs.com nobelbetrayal.com psykiskmestring.com nobel-betrayal.com innistudio.com privacy-is-enabled.com retail-perform.com skinhelpapp.com hvildnordic.com hvidstendigital.com contributionwallet.com contributionshare.com contributionmarketplace.com misjonogbistand.com rybyte.dev talkstarter.app rekoringen.app iamcontributor.app contributeid.app bifrozt.dev freetidd.app freetid.app withnear.app insound.app randomeet.app mm-as.app madeasy.app remivo.app nettsmed.dev martinolsson.dev hyttehjelpen.app rewave.app skinhelp.app sipkit.app canidrive.app heier.dev hammerstad.dev alkemi.app crewweb.app leselys.app bsure.foo calorieclash.app kursa.app bsure.dev dokio.app energima.dev vibedb.app slidex.dev goatish.app kodehub.app dromcomics.app larseven.dev leadsplan.app tiggy.app vibbo.app wibbo.app torgs.app vibbz.app roadhouse.app mysociallife.app arcast.app noloist.com circuitmicrobiomics.com northandi.com crantzwitzoe.com essentialsbyanneli.com glowbyanneli.com xn–legepnett-92a.com whattobuyfromindia.com lettyeurope.com scandinavianbeautytech.com sy-borkumriff.com scandinavianbeautyandwellness.com nigeriashopping.com ztropp.com beautybyanneli.com thenordiccoach.com bellybolso.com direkte-premier.com kampsportbutiken.com vrg25.com circuitcardiologics.com norberedt.com circuitmetabolomics.com fishandshipscomedy.com hairbyanneli.com saga-advisory.com xn–2priln-mua.com gazellejobmap.com moxwold.com ylurtech.com gacnorway.com theasteffenrud.com lloydshotellhonefoss.com indiamusician.com faistr.com henningchristoffersteffenrud.com icartprint.com thehappylarvae.com hvemeierhva.com o3nity.com orstadbyen.com beredskapspakker.com firstwewin.com ylurstore.com styvesbonder.com jensjacobsentrading.com logistikkjentene.com gislevineyard.com sans-programmet.com qb-furniture.com theawesselsteffenrud.com globalnexsus.com lloydshotell.com norwegiangranite.com jossietoys.com stonenorway.com christofferlucassteffenrud.com nittelva.com nastydefensesystems.com shandasti.com nordickindle.com stopp-se-sans.com fictionalrealityframework.com sansprogrammet.com achilleflex.com nilsendigital.com stoppsesans.com idrettslapper.com bluepearlnorway.com christoffersteffenrud.com nastydefense.com snowcontact.com ytringsfriheten.com mediamerketing.com donesecurities.com eldfyr.com jsdrop.com rettsdata.com nenovibe.com m87horizon.com fjordfant.com artfilmmatters.com revellenutrition.com norwaydrone.com fjordafant.com devkomed.com jointmarketinghub.com calmbycraft.com nujcapital.com syborkumriff.com ecceragroup.com tankeboksen.com nixcravings.com xn–lommetrkle-5cb.com palecrusaders.com thereallilyb.com lommetorkle.com tremyr.com therealanneli.com thelilyb.com obm-akademiet.com eldrekraften.com corefluenceglobal.com sora10.com letty-europe.com eiefjellmegleren.com thisnestpas.com daredynamics.com trinerfalk.com treseksti.com borkumriffiv.com bronzebyanneli.com strapitin.com lifewithanneli.com custos-defence.com spendanchor.com yobauniverse.com chkptbrgn.com custosmaritime.com viljr.com linarut.com custos-management.com peakstriveon.com hyreestate.com krilliworld.com checkpointbergen.com rjeide.com allriks.com washlad.com whitefjord.com storyfindingagency.com iversensonthego.com huetml.com phunkyshop.com flowspira.com stolsdokken.com truehealthforyou.com weddingreg.com livefromaustralia.com maldurday.com hugvitai.com doctoronline24-7.com noralutions.com tellnorden.com treningsleir.com fonna1199.com changeourwater.com merdens.com senjaseaside.com mountaineras.com tanlavie.com alvidavega.com tellnorge.com idlehotel.com bozohouse.com getplayerme.com pizzamani-festivalen.com maskinbrodering.com loclguessr.com zenitygroup.com maciejkrzysztof.com wildherbsmb.com mirenet.com chocolateofnorway.com eqyfolio.com spareappen.com trollsofnorway.store www.trollsofnorway.store poglab.no www.doomcards.com campingshack.dk lovemanuelaproducts.store tacokjell.store jetpunksclub.shop workid.pro vallerudkollensameie.org tantralab.org herognu.online noracare.org xn–lftnettverk-ggb.online andreasnilsendesign.online sterkfrastart.online photorunner.online alkokalkulator.online aestdoc.online blomestudio.online iver-accelerate.online sundaycover.online selvio.online knagfylkesnes.online lykele.online commongroundscompany.online selgehuset.online nordicbuild.online summitpulse.online motorsportbet.online salusbo.online loftnettverk.online bilplass.online parkmeg.online bambibo.online franskemakroner.online enkelfinansiering.online fritzfrem.online reutenfylkesnes.online arbion.bio sportmerch.us gadusinvest.us www.mmanalyzer.org aestdoc.com traedal.com ankerpladsen.com tismkids.com tacokjell.com talitor24-7cam.com tannstudiodrammen.com villadining.com sundaycover.com vantagesubsea.com shop-restart.com sologhelse.com salusbo.com marthewalthinsen.com miriammeling.com logretid.com boligflytteren.com boligflytter.com byggtrygt.com eqytek.com emailfacelift.com nettfagskole.com reutenfylkesnes.com fritzfrem.com fjernfagskole.com designbydale.no www.eliteligaen.no www.mummybaby.store www.vinjesterrasse2.no vinjesterrasse2.no steinfjorden.no grancanariaholidays.today askodd.store twosomly.store auroraboralis.store humanlearningintelligence.store lusenmethod.store datastax.store secondfirst.store eittiway.store

Malware Detected on Host

Count: 18 1e978f9081a38530567bd778d25cebdf6297ce2f8c6d1fed644d75ac102fd567 7cdccd310171146059d4678755e95c0f4f5f1144a5ae305857b35dd8c0eb80a1 ee43bac115009e38ae9c53d1074116bdaf3cecb6cdec0835774b334a50cea333 77fc44712dabd40a12215b3bcaaeb88f942a33696377d7771eb78c16f87cd289 ee9f336c5cc57cb15e1a4bc221e4f94f41990a9fdad4a02594eaceb9aaf5c7bf d818089f782cbbc21eaced97f1d08aa0759070ee2523c823d27cd292a4a1c6fa 159e89a885b485918d422c4b3d99e781c7c2dbb3222914e6c7d1c32ed6063d73 8999ed496fea2ccadec059acdc62e783aa549c93f301f6fc175d15ecdc2fbb81 08d7f7a3110ab45180e819c1203d2a4e8c9f3c61becc319930e50e93020daaac 201e71a98b957ce5ae2ffdfa288cc792bfe84322329986fd77f77b911cd7ecf7

Open Ports Detected

80

Map

Whois Information

  • inetnum: 185.134.245.0 - 185.134.245.255
  • netname: NO-DOMENESHOP
  • descr: Domeneshop AS (CK16)
  • country: NO
  • admin-c: SS19786-RIPE
  • tech-c: HH2777-RIPE
  • status: ASSIGNED PA
  • mnt-by: DOMENESHOP-MNT
  • created: 2019-10-10T14:49:24Z
  • last-modified: 2019-10-10T14:49:24Z
  • role: Domeneshop Hostmaster
  • address: Domeneshop AS
  • address: Christian Krohgs gate 16
  • address: 0186 Oslo
  • address: Norway
  • phone: +47 22 94 33 33
  • fax-no: +47 22 94 33 34
  • abuse-mailbox: abuse@domeneshop.no
  • admin-c: SS19786-RIPE
  • tech-c: SS19786-RIPE
  • nic-hdl: HH2777-RIPE
  • mnt-by: DOMENESHOP-MNT
  • created: 1970-01-01T00:00:00Z
  • last-modified: 2021-03-06T09:54:48Z
  • person: Stale Schumacher
  • address: Domeneshop AS
  • address: Christian Krohgs gate 16
  • address: 0186 Oslo
  • address: Norway
  • phone: +47 22 94 33 33
  • fax-no: +47 22 94 33 34
  • nic-hdl: SS19786-RIPE
  • mnt-by: DOMENESHOP-MNT
  • created: 2012-06-07T12:47:02Z
  • last-modified: 2021-03-06T09:53:34Z
  • route: 185.134.244.0/22
  • descr: DOMENESHOP
  • origin: AS12996
  • mnt-by: DOMENESHOP-MNT
  • created: 2016-01-19T10:21:02Z
  • last-modified: 2016-01-19T10:21:02Z

Links to attack logs

****** ****** ******

Share on: