198.100.148.99 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: Nextray, SSH, TOR, VPN, australia, brazil, bruteforce, canada, china, cowrie, cyber security, fail2ban, france, germany, group, india, ioc, italy, japan, korea, malicious, mothership, phishing, poland, singapore, ssh, ssh bruteforce, tsec
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh, proxyspy_30d, proxyspy_7d

  • Country: Canada
  • Network: AS16276 ovh sas
  • Noticed: 49 times
  • Protocols Attacked: SSH
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: ktmgaming.net www.mcs-belgium.com camu-gallery.com retromarket.org www.drfsupercenter.info drfsupercenter.net drfsupercenter.com www.drfsupercenter.com drfsupercenter.info

Malware Detected on Host

Count: 7

Whois Information

  • NetRange: 198.100.144.0 - 198.100.159.255
  • CIDR: 198.100.144.0/20
  • NetName: OVH-ARIN-2
  • NetHandle: NET-198-100-144-0-1
  • Parent: NET198 (NET-198-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS16276
  • Organization: OVH Hosting, Inc. (HO-2)
  • RegDate: 2012-07-05
  • Updated: 2012-07-05
  • Ref: https://rdap.arin.net/registry/ip/198.100.144.0
  • OrgName: OVH Hosting, Inc.
  • OrgId: HO-2
  • Address: 800-1801 McGill College
  • City: Montreal
  • StateProv: QC
  • PostalCode: H3A 2N4
  • Country: CA
  • RegDate: 2011-06-22
  • Updated: 2023-01-30
  • Ref: https://rdap.arin.net/registry/entity/HO-2
  • OrgAbuseHandle: ABUSE3956-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-855-684-5463
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3956-ARIN
  • OrgTechHandle: NOC11876-ARIN
  • OrgTechName: NOC
  • OrgTechPhone: +1-855-684-5463
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NOC11876-ARIN

Links to attack logs

bruteforce-ip-list-2020-05-17