216.245.214.82 Threat Intelligence and Host Information

Oct 06, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 216.245.214.82 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 58/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, TA0011 - Command and Control

  • Tags: 114.114.114.114, acint, address, adload, agent, alexa top, algorithm, appdata, apple, april, artemis, ascii text, asyncrat, august, authority, ave maria, azorult, bambernek, bandoo, bank, barracuda et, behav, blacklist, blacklist http, body, c2, cins active, cisco umbrella, citadel, class, cleaner, click, cname, cnc, cngo daddy, cobalt strike, communicating, conduit, contacted, contact phone, copy, core, count blacklist, covid19, cowboy, crack, creation date, critical, cronup threat, cus starizona, CVE-2011-0611, CVE-2014-3153, CVE-2016-0189, CVE-2017-0147, CVE-2017-0199, CVE-2017-11882, CVE-2017-8570, CVE-2018-4893, CVE-2018-8174, CVE-2020-0601, CVE-2023-22518, cyber threat, data, date, detection list, dns replication, dnssec, domain name, domain status, downldr, download, emails, emotet, encrypt, engineering, error, et tor, exit, exploit, facebook, february, file, files domain, files related, filetour, first, fusioncore, g2 validity, general, generator, genkryptik, google, heur, host, hostname, hotmail, http, hybrid, iana id, iframe, illegal, installcore, internet storm, ip summary, june, key algorithm, key info, key usage, known tor, kraken, llc status, local, mail spammer, malicious, malicious site, malicious url, maltiverse, malware, malware site, march, matsnu, million, miner, misc attack, mon oct, netsky, nircmd, no data, node tcp, node traffic, noname057, none file, number, nymaim, opencandy, passive dns, patcher, path, pattern match, phishing, phishing site, phishtank, ponmocup, poor reputation, presenoker, pulses none, qakbot, ramnit, ransomware, record type, record value, redline stealer, referrer, registrar, registrar abuse, registrar url, registrar whois, related tags, relayrouter, remcos, resolver ip, riskware, runescape, safe site, sample, samples, scanning_host, search, server, service, showing, simda, site, softcnapp, spammer, ssl certificate, status, stealer, strings, subject public, summary, suppobox, swrort, systweak, tag count, tag tag, target, team, team malware, threat report, threat roundup, tiggre, tinba, tofsee, tor known, tor relayrouter, tracking, traffic, trojanspy, tsara brashears, ttl value, tulach, type textplain, union, united, unknown, unruy, unsafe, urls, url summary, v3 serial, vawtrak, virut, wacatac, webtoolbar, whois lookups, whois record, whois server, win64, xrat, xtrat, zbot, zeus

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 4 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 1130 327b0ce2e5d5bfa752f898a664dc4fd2a29c17018c93839ef11f1d86b8494c81 b9bea042855256a7046aaa761bfe783c71b460839828e8e858d25724c8dc0493 e3eeddf525f3474a560735cd3883ec861f4099d8a1486afaaaba04333e701a0c bc5bf46de108105bdb378c072bccf2b0dd5a94c3417a74d042edbcd2dfa1877a 8a656aeca76f83d6cf06b74957b98b1b2638eb49fddcad730e5a5014f724cc84 b804862efd47b36a8c5b4ac0c14d4b1c99312ce006ec3eb84b9c345f1f135d80 016ec7aa1f248aa19b59124f5f8ecd91d0a706a7870afc9bca73a75a11ef7fa6 8529cf149a30fbc44d55250ad10e6f21c80b8c31999d60a38f3786ce30ae61dc 23fea71bc1000ff92b633ecdbfb7dc063fb78e379385a379c93fc62a1b9b319e 898b0e2430086c7b615100b09f5b25726635c5c123bd17858d5274b3fc00247b

Open Ports Detected

1022 443 53 80 8080

Map

Whois Information

Share on: