198.12.123.178 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.12.123.178 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 62/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1218 - Signed Binary Proxy Execution, T1220 - XSL Script Processing, T1564 - Hide Artifacts

• Tags: adwind, adwind rat, agent tesla, agenttesla, aggah, alienspy, all at, amadey, ammyy, ammyy admin, andromut, angler, apart, april, asyncrat, august, aurora, ave maria, axpergle, azorult, belarus, bitcoin, bladabindi, bokbot, browserpassview, chacha, chanitor, chatgpt, chthonic, click, cloudeye, cobalt strike, cobaltstrike, copy, cridex, crimson, crimson rat, cryptbot, crysis, cve201711882, danabot, darkcomet, darkside, desktop, dharma, discord, dofoil, dridex, dunihi, dyre, egregor, emotet, eternalblue, execution, fallout, fareit, february, first, flawedammy, flawedammyy, formbook, friendly, gandcrab, glupteba, gootkit, gozi, guloader, hancitor, hawkeye, hermes, houdini, hunter, hworm, icedid, jenxcus, june, kill, killswitch, loader, lockbit, loki bot, lokibot, macos, mailpassview, mailto, maldoc, malspam, malware, march, mars, maze, mega, mexico, mimikatz, nanocore, nanocore rat, napoleon, nemty, netwalker, netwire, neutrino, next, njrat, nuclear, open, orcus, orcus rat, panda banker, path, phobos, pinkslipbot, poisonivy, polish, pony, powershell, predator, predator pain, psexec, qakbot, qbot, quasar, quasar rat, raccoon, racealer, ransom, ransomware, rats, recent blog, redline, redline stealer, remcos, revenge, revenge rat, revil, ryuk, ryuk ransomware, scarimson, screen, seen, servhelper, service, shadow, siplog, smokeldr, smoke loader, smokeloader, snake, sockrat, sodinokibi, spelevo, squirrelwaffle, sticky, systembc, teamspy, teamviewer, terdot, thief, track them, trickbot, trojan, troldesh, ukraine, ursnif, vawtrak, vidar, virustotal, wannacry, wcry ransomware, windigo, winrar, xtremerat, zbot, zloader

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 1 times
• Protocols Attacked: SSH
• Passive DNS Results: apesin.tech sonik-coin.site edgetradingoptions.online eliteexpresscarriers.com www.myhr.gravityso.com.ng myhr.gravityso.com.ng houseofsharongroup.com skyelinewalkhardwood.com redcrossicrc.org gmgstry.site fxcapitalgrowth.site focusholidayinn.com xrp20-coin.site tofoilcaspian.net savemyfund.space ledlife23.org destinyforexsignals.online clydeandoakcapital.com amsquareglobalresources.com saintraphealmedicalcenter.com odelekeservicesltd.com falconfxmarket.com everydayexpense.com extremetm.online importmultifix.site alshafxpro.online queensunions.com f3uni.org jjcinvestonline.com royalfinfxlive.com jensiv.tech hour-glassx.site bluebridge-invs.org shebaconstructionsafrica.com bastionunionpl.com finance-aids-global.com trustuniversal.online easyjackpotpips.online heritageway.org dellmont.tgbplc.com www.dellmont.tgbplc.com extremecryptomine.online priminternational.org pac-pk.org navybnkfederalcredituni0n.org rapidreturn.org tundemichael.com foc-practicals.org fountainoflifehealthcare.com huskrjp.com.ng www.accessdunes.com.huskrjp.com.ng accessdunes.com.huskrjp.com.ng stbank.grovplc.com www.stbank.grovplc.com invest.pclawconsults.com.ng www.invest.pclawconsults.com.ng www.hex-finance.online www.hybridstocktrade.com ebonyblaque.store efcu.site tezosmarket.online adibaritech.online orabktg.net aftraff.com above60care.com chicoties.com chieminentsmartwatch.com securedappsweb.com harvesttimeirl.com elitemtrade.com www.laroyalzproperties.laroyalzhomes.com katsinaunited.com.ng maigida.com.ng www.record.danhansel.com record.danhansel.com www.knox.princetech.com.ng knox.princetech.com.ng www.knox.com.ng knox.com.ng jobtabminisub.space affiliateaidfy.space collisioninc.site btc-20.site fundsforchildren.site rccgamericas.site fixappsync.site tezosmarket.org ccaworldwide.org veespell.org salvationhealthcare.org weeble.online aborde.online tuncan-leads.online suntrustfinance.online smoothexpressconveyance.online mammiemarket.online yemantroops.online bankofhope.online unityfxtrades.online rencefinance.online fpmarket.online dikachu-traders.com cakesbytamzz.com strategicindexcommunications.com infocoinexteam.com ibpccert.com zeenergyprojects.com portharcourtfoodbank.com boyekomolafeandco.com blockminochain.com bootsandhair.com globalcapitalbn.com gruvenuff.com okkentech.com unitedinations.com 100savings.com kucoinfunds.com findservi.com www.defiprosolutions.com royalgardenbar.ng uspace.ng www.tutorlords.com.ng tutorlords.com.ng www.edmaxbits.stelitebits.com stelitebits.com www.levoltlogistics.stelitebits.com edmaxbits.com levoltlogistics.com www.access.polarprofits.com www.rbc-b.com schoolabroad.space astronovaway.site fixserver.site wordbaseassembly.org aapcsgroups.org globalxchain.org gbahub.org jaafarhfoundation.org share-active0auth.online hfmengine.online securityfirm.online bluespotrealty.online onlinesupport.online ahatv.africa admin55.autocapindex.online www.admin55.autocapindex.online dynamicxpertsolutions.com digitalclientselite.com deximaphotography.com strongtowersuppliesltd.com speedyairespost.com spacexdoge1.com stixgate.com zodiacbridgestonecoin.com infinitypropertiesltd.com giventuresltd.com optivus1pty.com uddsus.com euroglrlsescort.com erbeel.com nurbletrade.com rbc-b.com royalcollegeofnursingezzangbo.com romeo14.com fcredunion.online nationalenergy.site mackevad.com.ng www.mackevad.com.ng.rencefinance.online www.deepwaterssolicitors.com.ng.rencefinance.online deepwaterssolicitors.com.ng summituniversity.edu.ng eastyorkscru.com fhorge.co xabchina.com apexcryptomaxtrading.com aaubashops.com motlogistic.com www.ovy.ng ovy.ng fullystacky.com fleetestate.online www.fleetestate.online techdomain.ng officialbit-io.online gravityso.com.ng swiftlogisticsgoup.org bitmondfx.com www.emesofarms.com glologisticsusa.com deyoungst.com www.princetonpub.confidentialcourrier.com princetonpub.com.ng princetonpub.confidentialcourrier.com breuddwyd.com bizreghub.com emesofarms.com lovandercu.com www.hugoequityltd.online hugoequityltd.online www.app.hugoequityltd.online app.hugoequityltd.online profxactivetrade.com christredeemersschool.com mail.incisivellc.com www.old.jromanagement.com jromanagement.com pay.hoekage.ng www.pay.hoekage.ng www.vojosolutions.org netplatnigeria.com isiteven.com www.isiteven.com www.facility24managementltd.com facility24managementltd.com agrominer.xyz solid-peakcapital.com bitforge.site bittrex-forum.org upper-alliances.com www.thunderleg.com.ng thunderleg.com.ng www.ptftrade.com bid-vest.online lentusfoods.com denizinfforr.live newagepharmaceuticals.com citidrive.ng www.citidrive.ng www.theamunion.com cepredip.com.ng www.student.chstjega.edu.ng student.chstjega.edu.ng buyplusmall.com www.oc.kittychest.com oc.kittychest.com www.ceedwest.com divinegrace.com.ng divinegrace.com.ng.moneyhustler.com.ng www.divinegrace.com.ng.moneyhustler.com.ng infinitymax.online www.copyvista.com copyvista.com extbonline.space starlifefoundation.org primefolio.org annexxmail.online v-brims.com help-deskroom.com newboldaccessexchange.com bitforge.online www.clevaro-alliance.com clevaro-alliance.com frienzylinks.com www.green-oaks.co.uk.haypex.com.ng green-oaks.co.uk.haypex.com.ng green-oaks.co.uk www.vedrapole.org vedrapole.org www.canadairc.com.rcccanada.com canadairc.com.rcccanada.com canadairc.com wolfgroup.com.ng waxiprofit.com harbormfgonline.com www.kiddiesville.com kiddiesville.com luxerndoff.com messiahictsolution.com.ng jan-pro.com.ng www.rubiescapital.live rubiescapital.live www.mypaglobalinvestment.rawaaplastmypa.com.ng mypaglobalinvestment.rawaaplastmypa.com.ng www.turbo-inc.princetech.com.ng turbo-inc.princetech.com.ng turbo-inc.online www.ultrasmkt.com www.laroyalzhomes.com www.cbdunionreservesedge.com www.100hits.com.ng 100hits.com.ng creditsiusebank.com www.icetradecaptial.index-cmt.com icetradecaptial.index-cmt.com isesudohent.com.ng wibatng.org preggify.com wibatng.org.tnhnnewi.com www.wibatng.org.tnhnnewi.com www.sofiglobal.nobminer.com sofiglobal.nobminer.com mail.sofiglobal.org cityfarmersscheme.netplatnigeria.com www.cityfarmersscheme.netplatnigeria.com www.royalkingstelecoms.com royalkingstelecoms.com www.sofiglobal.org sofiglobal.org whiznoch.com.usefastpay.ng www.whiznoch.com.usefastpay.ng whiznoch.com oltorsatltd.com orlsmss.store td-ameritrades.com stellarpower.ng www.stellarpower.ng www.request.lulumulticoncept.com.ng request.lulumulticoncept.com.ng www.learn.ahlfigh.com learn.ahlfigh.com medlawhub.com www.medlawhub.com tordban.space www.nathcarefoundation.com abiaresources.com credit-card-generate.rsb.com.ng medoniceconsult.com www.jumideresource.com market.techalton.com www.market.techalton.com firsttrone.com protembilcof.com universalstockexchangetrading.online www.cgist.com.ng atlanticcontractingcanada.com www.booking2.palminventive.com booking2.palminventive.com www.viller.online www.pro-fitwithdrawal.com pro-fitwithdrawal.com www.applyfirstlifegrants.com.smartmarginmkt.com applyfirstlifegrants.com.smartmarginmkt.com applyfirstlifegrants.com gowenglobal.com stm8.online stylishmelissahr.com www.scheinenbank.hsemanagers.com.ng scheinenbank.online www.hopcom.org hopcom.org www.app.howtech.africa app.howtech.africa raffaztech.com kingsleymadu.kingkomo.com.ng www.kingsleymadu.kingkomo.com.ng www.get-reliefloan.site get-reliefloan.site.intlfxbaileydigital.online www.get-reliefloan.site.intlfxbaileydigital.online get-reliefloan.site go-reliefloan.site gfsid.online www.goldexpressservice.thaicreditbk.com goldexpressservice.thaicreditbk.com goldexpressservice.online vtusite.com.ng.teamedu.com.ng www.vtusite.com.ng.teamedu.com.ng keepsafecapitalbnk.com fcttraditionalrulerswives.org www.reportgbv.fcttraditionalrulerswives.org smtupbeatfxmarket.online maioni.space ogabuy.org houseofdemmy.com jibril.xyz stelfast.net www.spemffa.com checkengineer.com www.register.cacmusic.net quaijje.site oshodiomolade.com.ng www.oshodiomolade.com.ng app.ebahia.ng www.app.ebahia.ng www.inventory.temiledev.com inventory.temiledev.com www.epicgrowthfund.co epicgrowthfund.co jeebzign.xyz www.ubsonlineportal.com www.inkafrica.com.godsknothospital.com.ng inkafrica.com.godsknothospital.com.ng inkafrica.com www.nanaovenxlogistics.com globalfx.org polytradingpro.online www.socialboostco.com.ng.sapasub.com.ng socialboostco.com.ng.sapasub.com.ng socialboostco.com.ng www.swiftfusion.tech www.status.samsunghelp.co status.samsunghelp.co www.bn.ramiltonsfin.com unitedoverseas.online coindex-finance.com adcdelivery.site.intlfxbaileydigital.online www.adcdelivery.site.intlfxbaileydigital.online adcdelivery.site gruppocaesars.org magicaltrades.com palmoffshoreglobalfinance.com www.asotechconstruction.com foodcabana.magnatedevelopment.com test.magnatedevelopment.com osmartjpharmacy.magnatedevelopment.com heritagebox.magnatedevelopment.com feeds.columnfeeds.online mail.simedarbyltd.com www.cargo.swiftlogisticsgoup.org cargo.swiftlogisticsgoup.org www.ascendroyal.com.ng ascendroyal.com.ng kevesgloballeasing.com www.everbright.mrdon.ng everbright.mrdon.ng www.akinjo.africa www.mabanquebnparibas.com www.lluk0il.com.alahliplc.com lluk0il.com lluk0il.com.alahliplc.com fishtagon.com ladyshabach.com www.bthomesandleisureonline.com 1xtrdesmbox.com www.revolcredit.com revolcredit.com airtrustservice.com www.airtrustservice.com www.skyline-tb.online grading.leastpayproject.com.ng www.grading.leastpayproject.com.ng fexlogistics.online avanfinance.ltd asussfctcoop.com teestorezmart.com datapadi.com denixbank.com coingoldfx.com cristinalysl.com smpplc.com miriamhomerl.com interconng.com elizabethsteve.com nexatradesm.com royalrootscinemas.com reytekgadgetstore.com rosemeresl.com fxdigitalcoinstrades.com fc-chambers.com citygrills.com.ng www.platinumcapitalinvestment.idev.ng platinumcapitalinvestment.idev.ng www.newaccount.platinumcapitalinvestment.com platinumcapitalinvestment.com www.ghbulksms.freesmsplan.com ghbulksms.freesmsplan.com wordpressfmo.site betterjobs-usa.org hymnswithdescants.com travissignature.com spoova.com meggiesmart.com buildtogetherhq.com www.icoman.com.ng www.tchest.com.ng b.burpeernation.com.ng universaldonors.org wealthykatebrand.com vantageagroallied.com.ng www.hexatradesm.nexatradesm.com hexatradesm.com hexatradesm.nexatradesm.com cbdunionreservesedge.nexatradesm.com cbdunionreservesedge.com www.cbdunionreservesedge.nexatradesm.com swiftcitymoversng.com.ng exodusalliancearbitrage.com www.strivitalcare.name.ng sjskdlld.site bhsphosa.com.ng humminngbird.com www.vimeo.greatlifehub.ng vimeo.greatlifehub.ng aplusevo.com.ng bethelhealthcare.com.ng bethelhealthcare.com.ng.ab10specialist.com.ng www.bethelhealthcare.com.ng.ab10specialist.com.ng ab10specialist.com.ng wafert.com www.royaltyace.com.ng royaltyace.com.ng deltominventorysolutions.com.ng cidarshomes.com nobminer.com fmogs.online www.staging.howtech.africa staging.howtech.africa tordoban.com upper-finance.com metamasksupport.online delwit.com

Malware Detected on Host

Count: 5 d438311a2dadd7987badd34b35d23be9f407c3bf6267501d1744df5125112b7e 49dea02756789d9952c271422847801fe76a3a0dc1885060a8b295611bf0d139 4644f030eaedbb3fe7ff506a20d2e58dffbaaf2cdb5ad101f71e7b3e219de44d bc0c97620bdbbefab2c948545289b965bc9e978d9ed9a1cedb06de4c4c4e4dc4 9826774d80baf88f673bcc86b3431f6bdea1f235eaedf236108f0b65cbf5cc48

Open Ports Detected

22 80

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2024-6387 CVE-2025-26465

Map

Whois Information

• NetRange: 198.12.64.0 - 198.12.127.255
• CIDR: 198.12.64.0/18
• NetName: CC-09
• NetHandle: NET-198-12-64-0-1
• Parent: NET198 (NET-198-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS36352
• Organization: HostPapa (HOSTP-7)
• RegDate: 2012-07-10
• Updated: 2024-02-02
• Comment: Geofeed https://geofeeds.oniaas.io/geofeeds.csv
• Ref: https://rdap.arin.net/registry/ip/198.12.64.0
• OrgName: HostPapa
• OrgId: HOSTP-7
• Address: 325 Delaware Avenue
• Address: Suite 300
• City: Buffalo
• StateProv: NY
• PostalCode: 14202
• Country: US
• RegDate: 2016-06-06
• Updated: 2024-04-26
• Ref: https://rdap.arin.net/registry/entity/HOSTP-7
• OrgAbuseHandle: NETAB23-ARIN
• OrgAbuseName: NETABUSE
• OrgAbusePhone: +1-905-315-3455
• OrgAbuseEmail: net-abuse-global@hostpapa.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
• OrgTechHandle: NETTE9-ARIN
• OrgTechName: NETTECH
• OrgTechPhone: +1-905-315-3455
• OrgTechEmail: net-tech-global@hostpapa.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
• RTechHandle: NETTE11-ARIN
• RTechName: NETTECH-COLOCROSSING
• RTechPhone: +1-800-518-9716
• RTechEmail: support@colocrossing.com
• RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
• RAbuseHandle: NETAB27-ARIN
• RAbuseName: NETABUSE-COLOCROSSING
• RAbusePhone: +1-800-518-9716
• RAbuseEmail: abuse@colocrossing.com
• RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN

Links to attack logs

****** ****** ******