212.113.106.100 Threat Intelligence and Host Information

Dec 24, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 212.113.106.100 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1090 - Proxy, T1136 - Create Account, T1190 - Exploit Public-Facing Application, T1218 - Signed Binary Proxy Execution, T1219 - Remote Access Software, T1564 - Hide Artifacts, T1574 - Hijack Execution Flow, T1584 - Compromise Infrastructure, T1595 - Active Scanning, TA0001 - Initial Access, TA0002 - Execution, TA0003 - Persistence, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0011 - Command and Control, TA0042 - Resource Development, TA0043 - Reconnaissance

  • Tags: 32, 32-bit, agenziaentrate, Amazon S3 bucket, AnyDesk, arm, autoit, AveMariaRAT, CobaltStrike, CVE-2023-42793, dbash, Dcrat, DDoS Bot, devnullbase64, dropped-by-amadey, elf, exe, gafgyt, Gozi, hajime, hta, intel, ITA, JetBrains TeamCity, LaplasClipper, mips, mirai, Mozi, NanoCore, PowerPC, Powershell, PowerShellDiscordKeyLogger, ps1, Python, Qakbot, RedLineStealer, Remote Code Execution Vulnerability, smokeloader, Smoke Loader, SocGholish, url, ursnif, Vidar, vjw0rm, WMIC, x86-32, zip

  • View other sources: Spamhaus VirusTotal

  • Country: Russia
  • Network:
  • Noticed: 15 times
  • Protocols Attacked: ip
  • Passive DNS Results: majid.azadvpn00.online

Malware Detected on Host

Count: 7 12a9c5b69975f544fa612ac6fe718da610ba718d3064277562b80c006a944f8a 4cda0d865185973358dbc68ef9373fdbdb72bc27530adda2c0a24a5f6f3dd6a6 cf33cd00873532ca5b4e84c49de9445396d44140349dd2fa481717e4b2e7f801 55eff13e4dccd696ca834d2cef46b1d6607acb6d9dceef1670ee0fd527d92e4b a3c71ebef06d2d768f34d522df4d5c820142d55241d8e36574e95bb8a6d33dab 2d43459ded370e5dcbe11a859084b7efcc91b094d28a50bc302b411332a85a58 9126cc827516668e32a1a42d851604bff56c812cd8b188549cb6ac99af53279a

Map

Whois Information

  • inetnum: 212.113.106.0 - 212.113.106.255
  • netname: Aeza-Network
  • country: AT
  • admin-c: AN32681-RIPE
  • tech-c: AN32681-RIPE
  • status: ASSIGNED PA
  • geofeed: https://aeza.net/static/ipv4_f.csv
  • geoloc: 48.2697765 16.4100816
  • org: ORG-AGL38-RIPE
  • mnt-domains: aeza-mnt
  • mnt-routes: aeza-mnt
  • mnt-by: VF1-MNT
  • created: 2023-01-09T13:44:26Z
  • last-modified: 2023-02-25T08:01:03Z
  • organisation: ORG-AGL38-RIPE
  • org-name: Aeza International LTD
  • org-type: OTHER
  • address: 311 Shoreham Street, Sheffield, S2 4FA, United Kingdom
  • abuse-c: AA38875-RIPE
  • mnt-ref: aeza-mnt
  • mnt-ref: renets-mnt
  • mnt-ref: VF1-MNT
  • mnt-ref: DN-MNT
  • mnt-ref: WEBROCKET-MNT
  • mnt-ref: QWARTA-MNT
  • mnt-ref: ROSNIIROS-MNT
  • mnt-ref: IROST-MNT
  • mnt-ref: JD-RIPE-MNT
  • mnt-ref: AS15509-MNT
  • mnt-ref: sistemallc-mnt
  • mnt-by: aeza-mnt
  • created: 2021-11-23T13:59:30Z
  • last-modified: 2025-07-18T09:41:52Z
  • role: Aeza International LTD
  • address: 311 Shoreham Street, Sheffield, S2 4FA, United Kingdom
  • abuse-mailbox: abuse@aeza.net
  • nic-hdl: AN32681-RIPE
  • mnt-by: aeza-mnt
  • created: 2021-10-13T17:49:21Z
  • last-modified: 2024-10-16T14:38:44Z
  • route: 212.113.106.0/24
  • origin: AS210644
  • mnt-by: VF1-MNT
  • created: 2023-01-09T13:45:05Z
  • last-modified: 2023-01-09T13:45:05Z

Links to attack logs

****** ukraine-attackers-ip-list-2023-08-13 ukraine-attackers-ip-list-2023-08-23 ****** ******

Share on: