194.58.112.173 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.58.112.173 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 75/100

Host and Network Information

  • MITRE ATT&CK IDs: T1036 - Masquerading, T1083 - File and Directory Discovery, T1113 - Screen Capture, T1119 - Automated Collection

  • Tags: Amadey, aurora stealer, Aurora Stealer, auto-generated security, cyber security, geopolitical conflict, home wifi, ioc, malicious, malvertising, Malvertising, morphisec, Nextray, OSINT, phishing, T1055, T1055.012, T1056, T1082, T1083, T1105, T1129, T1547.001, turkey, ukraine

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: coinbl_hosts, coinbl_ips, hphosts_emd, hphosts_fsa, hphosts_hfs, hphosts_pha, hphosts_psh

  • Country: Russia
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 13

  • 02bc3cf75ae0c533725f3684ffdc5017c5a246971306b5994cc42c9d71cd58c9
  • 6e35881a7ffdb6be5800384767cdb86085393287f6c326fcf8a32f19d29381f6
  • d4ccf7b8dcc51b39518850037ed118fdf9e07d9726662ba8943d35a35496f67c
  • ea0237574d2a11fd7a713d1f03d4059dbc93ed2efededfa92643ebfab9b97324
  • f69125eafdd54e1aae10707e0d95b0526e80b3b224f2b64f5f6d65485ca9e886
  • a60f4a353ea89adc8def453c8a1e65ea2ecc46c64d0d9ea375ca4e85e1c428fd
  • 83e0316e0a99d17c58d6a77415ba464485f53452599de31bf7f67becf23aeced
  • 383fbf1978eb768c6569b7d1b2a0a5a29839632a2bac74b640b0e555c632b0ef
  • 7a5c6a3f48d1e9298b5f2b1a95d463c8d0d73148c57488248708ea9ab8ba6c8e
  • 0d3e79f093723b199f935dd8e815f69854c0659bbdc10d0489589b7a876ff647

Open Ports Detected

80

Map

Whois Information

  • inetnum: 194.58.112.0 - 194.58.113.255
  • netname: REGRU-NETWORK
  • descr: Reg.Ru
  • country: RU
  • admin-c: RGRU-RIPE
  • tech-c: RGRU-RIPE
  • status: ASSIGNED PA
  • mnt-by: REGRU-MNT
  • mnt-routes: DN-MNT
  • mnt-routes: REGRU-MNT
  • created: 2014-10-27T09:34:50Z
  • last-modified: 2014-10-27T09:36:31Z
  • role: Reg.Ru Network Operations
  • address: Russia, Moscow, Vassily Petushkova st., house 3, Office 326
  • phone: +7 (495) 580-11-11
  • fax-no: +7 (495) 491-55-53
  • admin-c: ARP-RIPE
  • admin-c: MS55099-RIPE
  • tech-c: ARP-RIPE
  • tech-c: MS55099-RIPE
  • nic-hdl: RGRU-RIPE
  • mnt-by: REGRU-MNT
  • abuse-mailbox: abuse@reg.ru
  • created: 2011-03-30T12:49:27Z
  • last-modified: 2022-11-29T14:58:55Z
  • route: 194.58.112.0/24
  • descr: Reg.Ru
  • origin: AS197695
  • mnt-by: REGRU-MNT
  • created: 2014-10-27T09:37:02Z
  • last-modified: 2014-10-27T09:37:02Z

Links to attack logs

