212.82.100.137 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 212.82.100.137. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or from activity observed on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, the frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 65/100
Host and Network Information
- Mitre ATT&CK IDs: T1001.002 - Steganography, T1012 - Query Registry, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1033 - System Owner/User Discovery, T1036 - Masquerading, T1038 - DLL Search Order Hijacking, T1041 - Exfiltration Over C2 Channel, T1046 - Network Service Scanning, T1047 - Windows Management Instrumentation, T1055 - Process Injection, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.002 - File Transfer Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1074 - Data Staged, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1095 - Non-Application Layer Protocol, T1105 - Ingress Tool Transfer, T1122 - Component Object Model Hijacking, T1129 - Shared Modules, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1147 - Hidden Users, T1221 - Template Injection, T1445 - Abuse of iOS Enterprise App Signing Key, T1448 - Carrier Billing Fraud, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1472 - Generate Fraudulent Advertising Revenue, T1497 - Virtualization/Sandbox Evasion, T1516 - Input Injection, T1518.001 - Security Software Discovery, T1518 - Software Discovery, T1529 - System Shutdown/Reboot, T1539 - Steal Web Session Cookie, T1562.004 - Disable or Modify System Firewall, T1564.001 - Hidden Files and Directories, T1564 - Hide Artifacts, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1614 - System Location Discovery, TA0011 - Command and Control
- Tags: 114.114.114.114, 404, aaaa, accept, access token, acint, address, address domain, a div, admin city, admin country, adobe acrobat, adobe cloud, adobe crash, adobe sign, adware.adload/adinstaller, adwind, aes128gcm, age86400 set, agent, agent tesla, AI_Score_52%, alexa, alexa top, a li, all scoreblue, all search, amazon02, analysis ob0001, analysis ob0002, analyzed, anonymisation, apple, application/octet-stream, artemis, as12876 online, as14061, as16276, as202053, as44273 host, as47846, as63949 linode, aschoopa, ascii text, ashburn va, aspack, assaulter, ATT&CK fonts.gstatic.com, azorult, b0001 process, b0003 delayed, back, bank, bankerx, b body, behav, blacklist, blacklist http, bobsoft, body, body length, both forensics, bottom3, bottom3 http, bq aug, brian sabey, burma, business url, button, bv7uet92ww, ca1 odigicert, campaign, canada unknown, capa, cape, cape sandbox, catalog tree, cellbrite, cellebrite, cellebrite ufed, centennial, cisco umbrella, cleaner, cloudfront, cn admin, cndigicert sha2, code, comments, communicating, conduit, connection, contact, contacted, contact phone, contains-elf, contains-embedded-js, contains-pe, cookie, cookie policy, copy, copyright, core, country, crack, creation date, csc corporate, cus cndigicert, cve-2010-3333, cve-2014-3931, cve-2016-2569, cve-2017-0199, cve-2017-11882, cybercrime, cyber criminal group, data, datacrashpad, dataset, date, date hash, dead, dead drop resolver, december, defense, delivery optout, delphi, denver, detection list, detections file, detections type, digitaloceanasn, div div, dll sideloading, dns replication, dnssec, domain, domains, domain status, douglas co, douglas co sheriff, downldr, download, downloader, downloads, dpt, dropper, dr ste, dynamicloader, email, embedded, emotet, entries, error, europeberlin, evasion ob0006, evasive, evasivehyteodransomware, everywhere dv, examiner, exchange, execution, exploit, f0007 discovery, facebook, fakealert, falcon sandbox, fbi va, february, filerepmetagen, FileRepMetagen, files, file samples, files ip, file size, files matching, filetour, file type, final url, find, finland unknown, first, flow t1574, form, format, formbook, frankfurt, fuery, funshion, g1 odigicert, gecko, generator, generic, genkryptik, germany unknown, get http, gettr, global g2, google, gts ca, gui, hackers, hacktool, hall render, hallrender, hashes c2ae, hashes files, headers, heur, heuristic, hidden form, high, high assurance, high level, highly targeted, historical ssl, host, hostname, hostnames, hours mon, hr rtd, html internet, http://hghltd.yandex.net/yandbtm?fmode=inject&url=http://siteinl, http response, iana id, ibm xforce, iframe, iframes, inc subject, information, iniciar download setup, inno setup, input, installpack, installs, intel, invalid, invalid variant, investigation, investigation c, iobit, iocs, ioc search, ip address, ip addresses, ip detections, ipdomain, ip summary, issuer, it legal, javascripts, jeffrey scott reimer dpt, join browse, justin bieber, key info, khtml, k netsvcs, lab command, lazarus, lcid1033, less see, limited, lockbit, lolkek, lookups, loudon county, luna moth, magic html, main, makop, malicious ip, malicious site, malicious url, malware, malware site, manage, mark brian sabey, mediaget, medium, million, mimikatz, mitre, mitre att, modify access, modules, moves, mywebsearch, nail salons, name, namecheap inc, name servers, namesilo, name verdict, nameweb, nameweb bvba, nearby, network partner, new ioc, next, ngfw traffic, nimda, nircmd, no data, norad tracking, ns nxdomain, number, nxdomain, ob0007 analysis, october, odigicert inc, office open, opencandy, otx scoreblue, ovh sas, passive dns, paste, path, path max, paypal, p div, pegasus, people search, pe resource, phishing, phishing site, physical, please select, podcast, police, pony, popular, premium, presenoker, privilege https, problems, productversion, programfiles, protect, pulse pulses, qbot, quasar, quasar rat, ransomexx, ransomware, raspberry robin, read more, reads, redline stealer, referrer, registrar, registrar abuse, registrarsafe, registrar url, registrar whois, related pulses, replacement, request, resolutions, review, riskware, rolefunction, rostpay, runescape, runtime modules, safe site, samplepath, samples, sa victim, scan endpoints, script script, search, select family, self deletion, september, server, service, sha256, sheriff, show, showing, sig10vr3b813, sign, site, smart search, smlen, sneaky server, s ngcctnrsvc, solutions, solve, spn224, ssl certificate, stack, s tamarac, startpage, state directory, status, status code, stealer, stealth, strong, subject public, submitters, summary, superpages url, survey, survivor, swipper, swrort, system property, systweak, t1055 spawns, tag count, targets, targets sa, team, team phishing, teams api, team top, temp, tencent habo, the local, therahand, therapists, threat, threat analyzer, threat report, threat roundup, threat score, tiggre, tls ca, tls rsa, tomorrow, toni braxton, tools, trid file, trojan, trojandropper, trojan features, trojanspy, trojanx, tsara brashears, tulach, unauthorized, union, united, united kingdom, unknown, unknown win, unruy, unsafe, upgrade, urls, urls https, url summary, use my, user, userprofile, us url, utc submissions, v3 serial, validity, virtool, wacatac, webtoolbar, whois lookup, whois record, whois ssl, whois whois, win32, win32 dll, win32 exe, win32process, win32processor, win64, windir, windows, windows nt, windows startup, worm, wow64, xml spreadsheet, xorcrypt, x sucuri, xtrat, yara detections, yara rule, yoda, yodaprot, zbot, zenbox, zpevdo
- JARM: 27d27d27d3fd27d1dc41d41d000000937221baefa0b90420c8e8e41903f1d5
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: hphosts_ats, hphosts_emd
- Country: Ireland
- Network:
- Noticed: 17 times
- Protocols Attacked: SSH
- Countries Attacked: Netherlands, Saudi Arabia, United States of America
- Passive DNS Results: checkonce.com umbat.com 5min.com walletpop.com instorehomes.com instoreautos.com instorecars.com wimzi.com instoredownloads.com wavezie.com ehealth247.com pj.wow.com instore.com helping.com boxely.com binoz.com ygm.com leadlocal.com kol.com onesearch.com job-sift.com know-legal.com tech247.co sport-king.com see-it.live insurance24-7.com gamer.site furniture.deals foodbegood.com fast.rentals baby.guide autos.parts 24-7.pet find.furniture going.com shopfone.com homesessive.com chowist.com netfind.com greendaily.com diylife.com health247.com wow.com learn-247.com aolsearch.com housingwatch.com money-a2z.com citypedia.com health.zone netdeals.com glamorbank.com intoautos.com fashion.life when.com ats1.l7.search.vip.ir2.yahoo.com luxist.com 247.vacations golocal.guru enow.com think24-7.com pets.world couponbear.com tech24.deals viral.site autos24-7.com thegifts.co espanol.news.search.yahoo.com search.huffingtonpost.com r.search.huffingtonpost.com hive.search.yahoo.com www.autos24-7.com www.altavista.com search.aol.com uk.yhs4.search.yahoo.com downloads.yahoo.com fr.altavista.com tw.search.yahoo.com us.when.com www.pets.world yboss.yahooapis.com www.homesessive.com id.news.search.yahoo.com www.couponbear.com searchjam.com maktoob.images.search.yahoo.com www.fashion.life ph.video.search.yahoo.com id.video.search.yahoo.com solo-search.com www.baby.guide pe.images.search.yahoo.com at.video.search.yahoo.com kr.search.yahoo.com mx.video.search.yahoo.com news.search.yahoo.com uk.maps.yahoo.com www.luxist.com hk.video.search.yahoo.com www.insurance24-7.com sg.video.search.yahoo.com de.ff.search.yahoo.com sugg.co.search.yahoo.com www.thegifts.co sugg.id.search.yahoo.net hk.dictionary.search.yahoo.com www.housingwatch.com www.golocal.guru espanol.images.search.yahoo.com addurl.altavista.com ru.images.search.yahoo.com tw.video.search.yahoo.com tw.shopping.search.yahoo.com tw.news.search.yahoo.com tools.search.yahoo.com ru.news.search.yahoo.com autos.search.yahoo.com no.search.yahoo.com fi.search.yahoo.com www.aolsearch.com ca.answers.search.yahoo.com search.video.yahoo.com ua.search.yahoo.com tw.maps.yahoo.com qc.search.yahoo.com ar.yhs4.search.yahoo.com espanol.maps.yahoo.com de.yhs4.search.yahoo.com www.searchjam.com www.greendaily.com sugg.id.search.yahoo.com pl.yhs4.search.yahoo.com www.citypedia.com sugg.br.search.yahoo.net br.video.search.yahoo.com it.answers.search.yahoo.com api.search.yahoo.com uk.wow.com br.news.search.yahoo.com se.images.search.yahoo.com espanol.answers.search.yahoo.com no.images.search.yahoo.com mx.images.search.yahoo.com hk.forum.search.yahoo.com uk.netfind.com sugg.in.search.yahoo.com uk.image.search.yahoo.com uk.enow.com sugg.ve.search.yahoo.com se.news.search.yahoo.com ph.images.search.yahoo.com it.yhs4.search.yahoo.com de-sayt.ff.search.yahoo.com ch.yhs4.search.yahoo.com sg.images.search.yahoo.com il.search.yahoo.com cn.search.yahoo.com uk.local.yahoo.com uk-sayt.ff.search.yahoo.com nz.search.yahoo.com nl.news.search.yahoo.com de.local.yahoo.com www.netdeals.com www.health247.com us.wow.com uk.altavista.com de.altavista.com in.video.search.yahoo.com ch.video.search.yahoo.com sugg.uk.search.yahoo.com sugg.tw.search.yahoo.com mx.answers.search.yahoo.com www.shopfone.com www.health.zone ar.video.search.yahoo.com sugg.es.search.yahoo.com search.aol.ca ri.search.aol.com recherche.aol.fr espanol.video.search.yahoo.com ch.images.search.yahoo.com in.yhs4.search.yahoo.com ysp.yahooapis.com in.images.search.yahoo.com boss.yahoo.com sugg.de.search.yahoo.com nl.yhs4.search.yahoo.com malaysia.yhs4.search.yahoo.com hk.images.search.yahoo.com at.images.search.yahoo.com th.search.yahoo.com pl.search.yahoo.com de.wow.com suche.aol.de sugg.search.yahoo.net ar.search.yahoo.com www.viral.site de.news.search.yahoo.com ca.video.search.yahoo.com mx.search.yahoo.com malaysia.video.search.yahoo.com co.images.search.yahoo.com cl.images.search.yahoo.com uk.news.search.yahoo.com sports.search.yahoo.com shopping.search.yahoo.com recipes.search.yahoo.com dictionary.search.yahoo.com de.video.search.yahoo.com finance.search.yahoo.com www.when.com uk.answers.search.yahoo.com search.aol.co.uk malaysia.search.yahoo.com fr.news.search.yahoo.com cl.search.yahoo.com sugg.ar.search.yahoo.net gr.search.yahoo.com es.altavista.com ca.images.search.yahoo.com gws2.maps.yahoo.com fr.yhs4.search.yahoo.com vn.search.yahoo.com sugg.fr.search.yahoo.com br.images.search.yahoo.com br.answers.search.yahoo.com id.search.yahoo.com hk.dictionary.yahoo.com es.video.search.yahoo.com es.answers.search.yahoo.com www.netfind.com sugg.ru.search.yahoo.com local.yahoo.com co.search.yahoo.com ve.search.yahoo.com us.yhs4.search.yahoo.com tw.local.search.yahoo.com tw.images.search.yahoo.com tw.dictionary.search.yahoo.com sg.search.yahoo.com ri.search.yahoo.com espanol.search.yahoo.com au.search.yahoo.com uk.video.search.yahoo.com uk.images.search.yahoo.com tr.yhs4.search.yahoo.com sugg.uk.search.yahoo.net sugg.search.yahoo.com se.altavista.com ru.search.yahoo.com ph.search.yahoo.com nl.images.search.yahoo.com hk.search.yahoo.com dk.search.yahoo.com de.images.search.yahoo.com answers.search.yahoo.com www.wow.com tw.knowledge.search.yahoo.com search.wow.com se.search.yahoo.com r.search.aol.com pe.search.yahoo.com nl.search.yahoo.com js-apac-ss.ysm.yahoo.com ff.search.yahoo.com ca.search.yahoo.com br.search.yahoo.com es.news.search.yahoo.com it.news.search.yahoo.com it.video.search.yahoo.com es.yhs4.search.yahoo.com uk.search.yahoo.com tr.search.yahoo.com fr.video.search.yahoo.com fr.images.search.yahoo.com ro.search.yahoo.com it.images.search.yahoo.com in.search.yahoo.com images.search.yahoo.com es.images.search.yahoo.com de.search.yahoo.com ch.search.yahoo.com at.search.yahoo.com www.enow.com maktoob.search.yahoo.com it.search.yahoo.com es.search.yahoo.com search.yahoo.com us.search.yahoo.com maps.yahoo.com r.search.yahoo.com sugg.us.search.yahoo.net tw.dictionary.yahoo.com video.search.yahoo.com sgws2.maps.yahoo.com global3.l7.search.ystg1.b.yahoo.com fr.search.yahoo.com ds-global3.l7.search.ystg1.b.yahoo.com m.search.yahoo.com
Malware Detected on Host
- Count: 337
- Hashes: 6b623573f2b7710bf5215339ab91cc70a3cadb34c2d2bb25d0ab2b8be70d80b8 fb9e2d47de8c34eb8354f985394c616cb5858dafb87e125a71464e9da86380db 8d279e4ded3e3315ef47496d1aea46ddbeefa1b2b2ceb17e42ad1c1fc10530e7 a23c0b346aa600a6694d2d248ca3f19acf87500e66c43d22480a8658d315f709 9de44793ca22ed370810f7233cced31559cda12c2bc4c7444b571c2ffa689acc e91ab2310664b49a86100cd289bd1e288edf2028aaf42a152e93081f33958533 18d37b2e39de309755336c1c26bf142f8006a0b1b90b64ed62e4a4b80bb45b70 1f52dbc7ebc769a12fbaa932f1b2015b0203be3344a0c46a0526ab831830d62c d8ff3f5c37be969ef29fd84428ffe361ea19352a8b00d02a9bee007aa645dee5 f99d44d4d4af9481e4c65aae708e4c1316ace8a4f903f761e17e863b5178e15b
Open Ports Detected
Whois Information
- inetnum: 212.82.100.0 - 212.82.103.255
- netname: YAHOONET
- descr: Yahoo! Europe
- country: CH
- admin-c: YEU-RIPE
- tech-c: YEU-RIPE
- status: ASSIGNED PA
- mnt-by: YAHOO-MNT
- created: 2009-06-08T14:25:29Z
- last-modified: 2009-06-08T14:25:29Z
- role: Yahoo Europe Operations Department
- address: Yahoo Europe Operations
- address: 125 Shaftesbury Avenue
- address: London
- address: WC2H 8AD
- admin-c: NA1231-RIPE
- admin-c: NO1883-RIPE
- tech-c: NA1231-RIPE
- tech-c: IG1154-RIPE
- tech-c: NO1883-RIPE
- nic-hdl: YEU-RIPE
- mnt-by: YAHOO-MNT
- created: 2005-02-21T10:54:13Z
- last-modified: 2021-03-19T14:36:30Z
- abuse-mailbox: rir-abuse@verizonmedia.com
- route: 212.82.100.0/22
- descr: Yahoo-EU-NET
- origin: AS42173
- mnt-by: YAHOO-MNT
- created: 2009-06-08T14:19:30Z
- last-modified: 2009-06-08T14:19:30Z