213.142.131.168 Threat Intelligence and Host Information

Jun 01, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 213.142.131.168 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 49/100

Host and Network Information

Mitre ATT&CK IDs: T1010 - Application Window Discovery, T1012 - Query Registry, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1040 - Network Sniffing, T1045 - Software Packing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1095 - Non-Application Layer Protocol, T1098 - Account Manipulation, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1125 - Video Capture, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1158 - Hidden Files and Directories, T1210 - Exploitation of Remote Services, T1414 - Capture Clipboard Data, T1428 - Exploit Enterprise Resources, T1490 - Inhibit System Recovery, T1497 - Virtualization/Sandbox Evasion, T1510 - Clipboard Modification, T1512 - Capture Camera, T1518 - Software Discovery, T1529 - System Shutdown/Reboot, T1562 - Impair Defenses, T1564 - Hide Artifacts, T1566 - Phishing, T1571 - Non-Standard Port, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1583.005 - Botnet, T1614 - System Location Discovery, TA0011 - Command and Control
Tags: 1 upx1, aaaa, accept, accept encoding, access denied, active, active file, activity, added active, address, address virtual, admin, a domains, age2592000 path, agent, aitm, alerts, alexa top, alf features, algorithm, a li, all scoreblue, analysis date, analyzer threat, apache, artemis, as13768 aptum, as15169 google, as16625 akamai, as20940, as21499 host, as2914 ntt, as29873, as31898 oracle, as3257 gtt, as3356 level, as35994 akamai, as396982 google, as397240, as397241, as4230 claro, as44273 host, as45102 alibaba, as47748 daticum, as62597 nsone, as8068, as8075, asn as8068, asnone bulgaria, asnone canada, asnone germany, august, authentihash, author avatar, avast avg, av detections, aws, aws botnet, b59bn timestamp, b715, bank, binary, body, body length, botnet, b pe, brazilian, brendan coates, brian sabey, bruter cnc, ca1 odigicert, cab null, ca issuers, calls, canada, canada unknown, capa, cape, certificate, checkin, chi2, china, cisco umbrella, click, cname, cndigicert sha2, code, code signing, com cnt, commerce cloud, compiler, config, contacted, contact phone, content, contentlength, content type, copy, create c, created, createdate, creation date, c request, critical, crypter, currently, cus cndigicert, cus lsan, cyber attack, cyber threat, daley, data, data redacted, date, date hash, december, default, delete c, deletes, delphi, denver, denver co, detection list, detections file, discovery, div div, div li, dll english, dll sideloading, dns resolutions, dnssec, domain, domains contacted, dos exe, download, downloads, dropper, dynamic, eastman kodak, easyshare, email, emails, emotet, encrypt, engineering, entries, et malware, evasion ta0005, execution, execution flow, expiration date, explorer, false, fcolorffffff, february, filehash, filehashmd5, filehashsha1, filehashsha256, files, file samples, files domain, file size, files location, files matching, files show, file type, final url, fish chinese, flag united, flow t1574, format, france, from, fusioncore, gamers, generic, germany, get http, ghostscript, gmt content, gmt etag, gmt max, gmtn, gmt server, gobrut, gobrut malware, gtmkj5bfwx, guloader, hackers, hallrender, hashes c2ae, headers, high, high level, highly targeted, hijack, historical ssl, hong kong, hosting, hostname, hostpapa, html, html info, http, http performs, http response, https, icmp traffic, idlinea8 sep, ids, imphash, im unaware, information, info sections, inhibit system, injection, install, installcore, intel, invalid url, ip address, ip summary, ip traffic, ipv4, issuer addtrust, ja3s, javascript, jpeg jpg, kb body, kb graph, kodak, kodak easyshare, korean, kukacka, langchinese, less see, level 3, lhangzhou, link, linux x8664, li ul, local, location united, log id, magic pe32, malicious, malicious site, malicious url, maltiverse, malware, malware c, malware config, man in the middle, manjusaka, markmonitor, may sleep, md5 chi2, md5 process, media center, medium, meta, meta http, meta tags, microsoft, microsoft color, million, mitm, mitre att, modifydate, moved, mozilla, ms13098, msft, msie, ms windows, mtb dec, name, namecheap, name comodo, name file, name servers, name type, name virtual, net1, next, no data, november, ns nxdomain, number, nxdomain, nymaim, oalibaba, object, october, odigicert inc, oglobalsign, oracle, overlay chi2, overview ip, packer, passive dns, path, pecompact, pecompact2xx, performs dns, persistence, phishing, photolan, please, pnpd5d, post http, pragma, pre crime, precrime, producer gpl, proxy, pulse pulses, pulse submit, quantum fiber, quantumfiber, quantumfiber.com, rdds service, read c, record, record value, ref b, referrer, regbinary, regdword, registrant, registrar, registrar abuse, registrar iana, registrar url, registrar whois, regsetvalueexa, regsetvalueexw, regsz, related nids, related pulses, related tags, report spam, research group, rich pe, role title, round, rsdsr7siwwd d, rtstring french, safe site, sales, salitiy, sample, samples, sandbox evasion, scan endpoints, script domains, search, sections, serial number, server, server ca, servers, service, serving ip, set cookie, sha256, sha256 file, show, showing, signature, simplified, singapore, site, sitegg, size entropy, size raw, slcc2, soa nxdomain, spawns, spotify artist, spotify artists, sqlite, sqlite version, ssdeep, ssh attacker, status, status code, stzhejiang, subject, summary, suricata, susp, sysinternals, t1010, t1012, t1027, t1036 creates, t1055, t1055 allocates, t1055 spawns, t1057, t1059, t1497, t1497 allocates, t1497 contains, ta0003 hijack, tag count, tag manager, tags, target otx alienvault, target tsara brashears, target virustotal, team, team covid19, team phishing, tech contact, tech id, text, threat roundup, thumbprint, timestamp, tlds, tls rsa, tlsv1, tls web, tracker, trackers google, traditional, trent wiltshire, trid upx, trojan, trojan features, twitter, type type, ubuntu, united, united kingdom, united states, unix, unix malware, unknown, upx0, upx2, upx software, url analysis, url http, url https, urls, url summary, utc facebook, utc gtm5z5w687v, utc gtmp4hkt96, utc na, valid from, vhash, virtool, virus, vt graph, wed may, west domains, whitelisted ip, win16 ne, win32, win32 dll, win32 exe, window, windows, windows nt, worm, wow64, write, write c, xa10629, xo544, xport, yara, yara detections, yoda, zbot, zenbox, zeus
JARM: 29d29d00029d29d21c42d42d000000bdfc58c9a46434368cf60aa440385763
View other sources: Spamhaus VirusTotal

Country: Turkey
Network:
Noticed: 2 times
Protocols Attacked: SSH
Countries Attacked: United States of America
Passive DNS Results: bostanderedernegi.com parstechnical.com www.parstechnical.com kaykimya.com paypayon.com yildizstoneart.com www.yildizstoneart.com getirtropical.com tbtmedya.com avorwe.com kayrasercanphotography.com emrehukukdanismanlik.com ozdemirkalip.com carmencaire.com alggroup.com.tr bodrumguvenkasap.com yedekparcarenault.com taorusmobile.com helphand.world armutkursun.com a.googlereklamcisi.com.tr nesseconsultancy.co.uk medyaemlak.com www.kalmentekstil.com www.balikcikovasi.com balikcikovasi.com www.enerjibilimi.com enerjibilimi.com erolrentacar.com yesiltiner.com www.yesiltiner.com monzagroupmobilya.com www.freesoftpad.com.tr freesoftpad.com.tr www.berlinerinnovation.com berlinerinnovation.com www.larosecoffee.com larosecoffee.com dijitalbaski.allureteknoloji.com www.dijitalbaski.allureteknoloji.com bkr.com.tr www.cafetherose.com cafetherose.com uslumekatron.com transfer-bodrum.com gundesinsaat.com saglikfilesi.com www.saglikfilesi.com serene-curran.213-142-131-168.plesk.page www.serene-curran.213-142-131-168.plesk.page www.friendly-blackburn.213-142-131-168.plesk.page friendly-blackburn.213-142-131-168.plesk.page www.tender-liskov.213-142-131-168.plesk.page tender-liskov.213-142-131-168.plesk.page confident-jennings.213-142-131-168.plesk.page www.confident-jennings.213-142-131-168.plesk.page alfafilm.tv www.cicekcankaya.com cicekcankaya.com www.sayisallotoankara.com sayisallotoankara.com www.etemarket.com etemarket.com www.bilirotomasyon.com.tr kalmentekstil.com biromurguzellikmerkezi.com www.biromurguzellikmerkezi.com toshiba-antalya.com sgrklima.com www.algcar.com gokhanviptravel.com gokhanviptransfer.com akguler.com saracogluozelegitim.com basaranecetarim.com www.vipkesintisizguckaynaklari.com vipkesintisizguckaynaklari.com assets.merlinyapi.com www.ozanevdeneve.com www.asikkutlu.com asikkutlu.com hacicesur.com www.hacicesur.com js.merlinyapi.com ligapol.com.tr www.yorukbeymimarlik.com www.pasarot.com.tr pasarot.com.tr algcar.com yeniuntas.com www.yeniuntas.com www.bortacina.com.tr bortacina.com.tr www.kardelensukim.com.tr kardelensukim.com.tr ban.com.tr www.ban.com.tr www.mmsfilmyapim.com mmsfilmyapim.com zezeotantik.com drpflanz.com alpaktesisat.com www.eyzakargo.com zezeotantik.net www.guvenfilo.com guvenfilo.com dizep.com www.minikdunyalar.com makyed.com yorukbeymimarlik.com romantikfikirlerimiz.com www.lilynightwear.com lilynightwear.com www.allureteknoloji.com bilirotomasyon.com.tr hizlirender.com ozelteknoloji.com pasarot.com www.ynstour.com batesigorta.com orenasm.com www.orenasm.com woodtime.com.tr nazilliaspetrol.com yasotarim.com hermimpex.com berfingursoy.com www.merlintiny.com www.prefabrik2m.com kubilaykirtasiye.com www.pehlivanogluentegreet.com.tr tatilborsasi.org huzaltekstil.com eyzakargo.com evdipa.com foodart.com.tr www.4004kia.com www.mesleklisesibilimsenligi.com mesleklisesibilimsenligi.com er2co.com www.beautifylog.com merlintiny.com ykcprotezsac.com merlinyapi.com.tr turktasarimmatbaacilik.com yildizmermer.com yesilkoy-rotary.com kutlukayabutikotel.com www.burotek.net www.jnsreklam.com www.haberotesi.com www.ajans68.com adardiamond.co.uk www.bizimaksaray.com modatutkunlari.com cadde92.com www.merlinyapi.com merlinyapi.com www.mostkuaformandarin.com mostkuaformandarin.com kadaayakkabi.com www.festivalpastanesi.com festivalpastanesi.com www.gpromac.com www.alegrayacht.com www.millihafizalarimizdaegitim.com ozanevdeneve.com hnyemekservisi.com haberotesi.com allureteknoloji.com pehlivanogluinsaat.com pehlivanogluentegreet.com.tr korfezilaclama.com atmosferedokunuyoruz.com 4004kia.com millihafizalarimizdaegitim.com prefabrik2m.com beautifylog.com memurkafa.com korfezilac.com burotek.net jnsreklam.com ajans68.com seyahatacentasistemi.com virusbusterofficial.com gpromac.com alegrayacht.com mkgorganik.com sistemarabuluculuk.com ynstour.com bizimaksaray.com gencerinsaatpetrol.com emlakfly.com 98x.org chefdonersoke.com sts1.britishenglish.com.tr ynspazarlama.com ensarhaliyikamagonen.com gonenhaliyikama.com minikdunyalar.com damacar.com.tr bodrummostkuafor.com zekiustabodrum.com helinimtour.com gloss.com.tr kusadasidizayn.com

Open Ports Detected

21 25 3306 443 587 80 993 995

Map

Links to attack logs

****** ****** ******

Share on: