216.245.214.86 Threat Intelligence and Host Information

Jun 04, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 216.245.214.86 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 58/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, TA0011 - Command and Control

  • Tags: 114.114.114.114, acint, address, adload, agent, alexa top, algorithm, appdata, apple, april, artemis, ascii text, asyncrat, august, authority, ave maria, azorult, bambernek, bandoo, bank, barracuda et, behav, blacklist, blacklist http, body, c2, cins active, cisco umbrella, citadel, class, cleaner, click, cname, cnc, cngo daddy, cobalt strike, communicating, conduit, contacted, contact phone, copy, core, count blacklist, covid19, cowboy, crack, creation date, critical, cronup threat, cus starizona, CVE-2011-0611, CVE-2014-3153, CVE-2016-0189, CVE-2017-0147, CVE-2017-0199, CVE-2017-11882, CVE-2017-8570, CVE-2018-4893, CVE-2018-8174, CVE-2020-0601, CVE-2023-22518, cyber threat, data, date, detection list, dns replication, dnssec, domain name, domain status, downldr, download, emails, emotet, encrypt, engineering, error, et tor, exit, exploit, facebook, february, file, files domain, files related, filetour, first, fusioncore, g2 validity, general, generator, genkryptik, google, heur, host, hostname, hotmail, http, hybrid, iana id, iframe, illegal, installcore, internet storm, ip summary, june, key algorithm, key info, key usage, known tor, kraken, llc status, local, mail spammer, malicious, malicious site, malicious url, maltiverse, malware, malware site, march, matsnu, million, miner, misc attack, mon oct, netsky, nircmd, no data, node tcp, node traffic, noname057, none file, number, nymaim, opencandy, passive dns, patcher, path, pattern match, phishing, phishing site, phishtank, ponmocup, poor reputation, presenoker, pulses none, qakbot, ramnit, ransomware, record type, record value, redline stealer, referrer, registrar, registrar abuse, registrar url, registrar whois, related tags, relayrouter, remcos, resolver ip, riskware, runescape, safe site, sample, samples, scanning_host, search, server, service, showing, simda, site, softcnapp, spammer, ssl certificate, status, stealer, strings, subject public, summary, suppobox, swrort, systweak, tag count, tag tag, target, team, team malware, threat report, threat roundup, tiggre, tinba, tofsee, tor known, tor relayrouter, tracking, traffic, trojanspy, tsara brashears, ttl value, tulach, type textplain, union, united, unknown, unruy, unsafe, urls, url summary, v3 serial, vawtrak, virut, wacatac, webtoolbar, whois lookups, whois record, whois server, win64, xrat, xtrat, zbot, zeus

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 4 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 1273 efedac4b8bb04c822f22af2ba216c2ccaee6324e3cb9698227a2aa2ff1eca275 c33764d4182de7e8176b5f8b4a0d6370d0f4149588148816b6b850e4e09c102f 8738c44b9ab0e783982568830cf6cc43061cad3194f06242cd0956414f525337 8bb4756f2c62cca578f658014eecc3c99036c4fd69a3ab83f0639687657f53bb c9ef22c33d8cd68acc76a954117c361e4de7837120620a5c812cd29d54215c3c ccc50770135882388767bfe9b77b661e1643c80acafa709bf36baaa536b441aa 5c9309bed3551e614dda055b573f9868cb284561f99be1e7c6b927236676b3c4 832ff3f1e6d51208362485b10e336b6df4fe9b7de22e18d8e386496aac6faef0 8703b6a58fec0b8aaa344316c4141bc26f2bbc6a808ceb606232ce93ee0befb4 d3b3dcf441459123463e9a4b82dd1599a1ac29ae4961f72c08480c0f56ad8e2c

Open Ports Detected

443 53 80 8080

Map

Whois Information

Links to attack logs

****** ****** ******

Share on: