198.100.148.99 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.100.148.99 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

• Tags: cyber security, ioc, malicious, Nextray, phishing, TOR, VPN

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: proxyspy_30d, proxyspy_7d

• Country: Canada
• Network:
• Noticed: 35 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: ktmgaming.net www.mcs-belgium.com camu-gallery.com retromarket.org www.drfsupercenter.info drfsupercenter.net drfsupercenter.com www.drfsupercenter.com drfsupercenter.info

Malware Detected on Host

Count: 8 8d9b125fdc7ea077e17ade8eaf0436ede1c053be4217cb15ad0e8824493fd06b f3000d56afe77e0d95335f7ea86562b3c0e598c1c66ecd4d62e5ccc8af6569d3 eb5d9b1d6c60b8aec27b43fb1878d607242c2798fadb2c114bd343bc626b2cca a7e484d7cdbcb39538cd203c269d39b15d59f1703cf73429ca67128bb66c0a00 5ec5871b702ab135831503398816c6d1572c3371c48531dc3ffee82c4562dc4e 8f8fc97f52090f98b2993e250f6e3e81e5d2136f03e181020b18238951c9c90f ccc4e0e751bc7c1f0cf1ec46bcc6b627adb93f6d4428b87401097b090135a147 b472aec8c63a88f49e0efa6fbbad0c82a1c9d96551c6300b237fd92675385b86

Map

Whois Information

• NetRange: 198.100.144.0 - 198.100.159.255
• CIDR: 198.100.144.0/20
• NetName: OVH-ARIN-2
• NetHandle: NET-198-100-144-0-1
• Parent: NET198 (NET-198-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS16276
• Organization: OVH Hosting, Inc. (HO-2)
• RegDate: 2012-07-05
• Updated: 2012-07-05
• Ref: https://rdap.arin.net/registry/ip/198.100.144.0
• OrgName: OVH Hosting, Inc.
• OrgId: HO-2
• Address: 800-1801 McGill College
• City: Montreal
• StateProv: QC
• PostalCode: H3A 2N4
• Country: CA
• RegDate: 2011-06-22
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/HO-2
• OrgAbuseHandle: ABUSE3956-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-855-684-5463
• OrgAbuseEmail: abuse@ovh.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3956-ARIN
• OrgTechHandle: NOC11876-ARIN
• OrgTechName: NOC
• OrgTechPhone: +1-855-684-5463
• OrgTechEmail: noc@ovh.net
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC11876-ARIN

Links to attack logs

****** bruteforce-ip-list-2020-05-17 ****** ******