198.12.125.130 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.12.125.130 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 56/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1056 - Input Capture, T1114 - Email Collection, T1564 - Hide Artifacts, T1566 - Phishing, T1569 - System Services

• Tags: agent tesla, any.run, appdata, ave maria, carter, c server, danabot, dridex, first, formbook, keylogger, loki bot, lokibot, lokibot malware, lokibot spyware, lokibot stealer, machineguid, next, remote access, trojan, warzone

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: hphosts_psh

• Country: United States
• Network:
• Noticed: 3 times
• Protocols Attacked: SSH
• Passive DNS Results: www.black-cep.vestacos.com black-cep.vestacos.com cpanel.centricunionresered.com webmail.centricunionresered.com cpcontacts.centricunionresered.com wrldbkswitzerland.com cpcalendars.protradecryptofx.online cpanel.protradecryptofx.online cpcontacts.protradecryptofx.online bionetfxa.online unitedcob.org newdevelopmentcrs.com tethrkoin.online tethkoin.online pathfinderteth.online fctcunion.online ofrice.live dorsetepcm.com publishercaregiveaway.org proenzaschauler.com bermudabrokers.online shieldprime.org globalcryptofx.mintsfx27.com streetkidshelpinginitiative.com javuintegrated.com avanfortune.org centricunionresered.com globalfxtrade24.com digitaltrustreserved.com firstunionchase.com skiiandco.com revalidatewebs.website a-maxglobal.org gibnss.com gatanmarayufoundation.org gracedefinitionchurch.com apextrading.pro xprexbnarym.com centritools.site aruaui.org global-realestate.org phemexglobalimited.org realitynews.online azirahoilgas.com treconcept.com trehms.com titodrew.com shipmatepostals.com mediterranetransitcs.com zenithgracehomes.com preziagroup.com bluerayplc.com greficapital.com ghosenfinance.com kamcoarabinvest.com www.farmkwara.ng gatewaysxpress.online softtouchentertainment.net legacyexdelivery.com rccgffthurrock.org corsairproperties.com smbsfrs.com grownharmony.com trinityforestry.org binotradefx.com tecino.ng tecino.ng.checkddecklimited.com www.tecino.ng.checkddecklimited.com dotherightthingcampaign.com obonewsupdates.com netmoni.com fivefortysixlogistics.org hauserfoundation.online aslantadesigns.com anchorfashionaf.com theboxodds.com terminationboard.com cryptotradesai.com capitalburgeon.com coinfinixpro.com platinumbartters.com gctagcy.com olusegunbillionaire.com dipossia.org hillga.org mspshrineiperu.org ovhsecurity.org ubtrade.online fxbyte.online finbcu.online devteamtool.dev agmcforex.com dauogik.com canadnbaca.com millgate-ng.com masters-invest-enterprise.com precisioncrafttools.com govt-mfa.com bdoge2bsc.com kwakolconsultancy.com flightfocushq.com froshdaniels.com fastwaydeliveries.com foreigcapitalbank247.com www.cnscomputers.mspshrineiperu.org cnscomputers.mspshrineiperu.org cnscomputers.com.ng xprotrade.online expressdeliverycompany.online devtownafrica.com moglaxoption.com blurspotonline.com review-mygov-au.click mattiasinteriodesigners.com imolecollege.com.ng www.imolecollege.com.ng elitesmarttrade.com thedestinedschools.com.ng ancienthelp.org www.fnphbudoegba.gov.ng cogis-edu.ng lawfirm-rayan-madkhali.com coin-pax.org speedwayinvest.net www.wilisefdatatechnologies.com www.earningfortune.com earningfortune.com crystalhub.store www.faithdavidmews.ng faithdavidmews.ng www.o-u-t-l-o-k-ms.recglonets.com o-u-t-l-o-k-ms.recglonets.com www.cryptoprofx247mail.traitlinedelivery.com www.admin.traitlinedelivery.com unityfxsignal.com upper-room.tk.thekingsocial.com.ng upper-room.tk www.upper-room.tk.thekingsocial.com.ng fix-mainnodes.com daimondkiddieswears.com.ng vogueexpress.ng alliancebanking.us thebloomingpodcast.com.niolalonge.com www.thebloomingpodcast.com.niolalonge.com ayodele.work onlystaff.ng therccgmp.org www.therccgmp.org bitsobr.com www.hor.viralvote.cloud kkwo.novus.com.ng kkwo.org www.kkwo.novus.com.ng joymustcomel.nomacinplus.com.ng logiccamp.com.ng laundry.onpointgroup.ng www.laundry.onpointgroup.ng www.subme.skulive.com subme.skulive.com alldaypay.online julietnow.online tracesco.com ollemsfarms.com europelogisticsgl.com www.joelinenergy.com admin.alldaypay.online www.admin.alldaypay.online i-refuge.org florininvestments.org www.ereukaexpress.com fugb.online trivestarlogistics.com www.eastlandgroupltd.org www.zataehub.com.ng zataehub.com.ng.gloriousbeginnersschools.com.ng zataehub.com.ng www.zataehub.com.ng.gloriousbeginnersschools.com.ng www.daddybsings.com.lamango.com.ng daddybsings.com.lamango.com.ng segzah.com motelola.com www.5starcourses.ng regalcontinentall.online www.portfolio.zekkah.com portfolio.zekkah.com vitanigoldtravelandtours.com www.infinitech.us saltandlightinspire.com online.wafbanksng.com www.online.wafbanksng.com turkeydaily.online ihabibsmartreserve.online umail-hinet.net www.test.hashtagng.com test.hashtagng.com www.joey.zhibodigital.com joey.zhibodigital.com zhibodigital.com www.kadecommunicationng.com goleadfundraisers.com towerssolicitor.com trustpilot.ng w3webconage.com www.academy.hashtagng.com academy.hashtagng.com test.peaceryde.com www.test.peaceryde.com govrt.indianasupslinks.site www.govrt.indianasupslinks.site www.proleger.org reportcoinabuse.online hairvoluum.site ritas-kitchen.org 1human-kind.org isogroup.online swizzprodomestictrust.com horllybee.com www.kovahotel.com kovahotel.com tmarketinvestor.com www.rhodiulabs.ng feliciaagbajememorialfoundation.ng groliteenergy.com www.new.viralvote.cloud www.gel.viralvote.cloud fin.standardglobafins.com www.fin.standardglobafins.com skyfieldshippingline.online admin.w-fitness.ng www.admin.w-fitness.ng generalmgali.com ornalglobal.com worldwidedeliverycourier.com www.worldwidedeliverycourier.com defiunivest.com rariabble.com toscanasportsclub.org tunjiassortedcapitals.com growth.ddns.net.donald-j-trump.online www.growth.ddns.net.donald-j-trump.online growth.ddns.net tullowoilplc.com tsfinb.com marcheenergies.com primestarstradings.com fingrenn.com revalidateweb.website alphawealthservices.org leadessence.org renewedhopeinitiative.org www.netlinkconsultancyltd.com westeralstrust.com avanfortune.com derivsupporthq.com cheezis.com cykkle.com veroxtrade.com mbignaija.com quickmatrixtrade.com peddlenancepro.com renewedhopeinitiative.com fu-holdings.com westfildgroups.com sparextech.com aquoshotels.site lpgoil.site mgsstore.site apexfocusgroup.org ipmtcenter.org gayiafrica.org proleger.org cryptobase247.net www.vibromac.com.ng alakopoints.com amazingfaithblog.com ayomikunadenitire.com tranquilpay.com multidexprotocol.com samalifted.com mondieuemployment.com megabliz.com insighttrek.com pparkerslawfirm.com peculiartreasureschristiancentre.com gandoelectrix.com oneunioncapital.com unitedfrontscaregiverspswglobal.com elsimcometics.com nooniekitchen.com realhotelist.com firstlifegrants.com www.explorecelebs.com explorecelebs.com traitlinedelivery.com www.mydtelecoms.mydtelecoms.com.ng mydtelecoms.mydtelecoms.com.ng mydtelecoms.ca cashclinerecords.com orchidtech.org fxtd-ldt.online eximus-recruitment.co.uk faithberida.com.ng allunitedbglobals.com abdulrahmanumar.online stevecholland.com mail.stevecholland.com www.stevecholland.com westernhemispherecapitals.com adcotender.com.au trusthighsky.com celestialchurchhqt.org.ng hansenaccess.online duowork.tech quickdappset.site indianasupslinks.site donate-drive.org nippyestate.org skibusiness.org shavonnecareintl.org standard-c.online bathshuabdc.org fxtdltd.online pesrt-investment.online gloryjoy.com.ng accurratecourierservice.com ajewoleatm.com anneswellnesshabour.com tgaccompany.com comradevillaestateltd.com shammahglobalconcepts.com santequitypro.com secureclydesdale.com scorerstrade.com huddlefootballcup.com hallowedhandsfurniture.com lizmipee.com inzaideout.com irs-relieffund.com peemandevelopers.com probitsmarket.com bpwestb.com globalcrypto-bitfinex.com gazelleogroup.com joycehealthcareltd.com jacintachiomaodirichukwu.com unsoffice.com ezeref.com eleemonindustries.com edalimed.com netlinkconsultancyltd.com 212goexpress.com ksavaluers.com reinventint.com www.stockfxprotrade.com.firstgeogian.com www.secure.firstgeogian.com stockfxprotrade.com kudcollections.com blockhubvest.xyz www.masterpiecelimited.com masterpiecelimited.com tsfinbcu.com ab-bkr.com omotayobamidelediavident.com.ng www.account.oneunioncapital.com account.oneunioncapital.com apply.firstlifegrants.com www.apply.firstlifegrants.com nikeproductestersurvey.com zppharmaceutical.com konnectar.site mountsiniaparks.org codesprint.biz dependentcourier.com credencepal.com synnexmusic.com ijoborglobalservices.com excelfxtraders.com ecorocksafrica.com nfilogistic.com 9jastuff.com kunlemedicalcentre.com frankonic.com natldbpalau.com www.online.natldbpalau.com online.natldbpalau.com megapowerassemblyministry.com roomscout.ng fcessucoen.org.ng usmilitarybase.online webmail1earthlink.online lacxia.com leadslogisticcompany.com donald-j-trump.online solidsbc.com www.universalfastways.universalfastway.com universalfastways.universalfastway.com crunchbasetradeusa.com idongeteng.com www.thetrumpetngr.benudechukwu.com thetrumpetngr.com thetrumpetngr.benudechukwu.com dgraceconsult.com yapikrediozelbankacilk.com test.jobpify.com www.test.jobpify.com acadahost.com.vbtest.com.ng acadahost.com www.acadahost.com.vbtest.com.ng www.vidoe.gladanlimitedcomputers.com.ng vidoe.gladanlimitedcomputers.com.ng www.socialboost.yezzytech.com www.sippie.ng.cogentdev.ng sippie.ng.cogentdev.ng sippie.ng cryptomoon-investment.lat trybeone.ng pridedel.com shippingsportal.com www.rbcpayment.com rbcpayment.com zaralogistics.aodsolartricity.com.ng www.zaralogistics.aodsolartricity.com.ng www.ttrdatascienceclub.ttrconsult.com.ng ttrdatascienceclub.ttrconsult.com.ng www.yible.com.ng yible.com.ng trufudmart.com ableelectricsinc.com www.akatson.skulive.com akatson.skulive.com www.api.femosthomesltd.com api.femosthomesltd.com syproscryptoxchange.com www.account.syproscryptoxchange.com yinkadconsult.com yinkadconsult.com.crackerjacksecurities.com www.yinkadconsult.com.crackerjacksecurities.com pioneertech-inc.com amytonagric.dotun.com.ng amytonagric.com www.amytonagric.dotun.com.ng worldscholarsjournals.online www.blogs.domhorsesales.com.ng www.learning.domhorsesales.com.ng www.ventota.domhorsesales.com.ng www.express.logisticsuniversalshipping.com pioneer-mining.com fokustechnocrats.com www.fokustechnocrats.com.osarotopimpact.com fokustechnocrats.com.osarotopimpact.com segib.online www.remit4ever.com studentadvisor.online www.api.pioneer-mining.com api.pioneer-mining.com www.alexander.therccgmp.org alexander.therccgmp.org pulsepaw.com i-will-let-you-know-everything.verifiedcelebsupdates.com www.i-will-let-you-know-everything.verifiedcelebsupdates.com theofficeeverywhere.com wmttravelvacation.com productupdate.ugoceenigeria.com www.productupdate.ugoceenigeria.com noluxtechnologies.com www.toptraderhub.com toptraderhub.com www.transfarescraper-airline.verifiedcelebsupdates.com transfarescraper-airline.verifiedcelebsupdates.com www.vfsglobal.gov.highcommission.cfd gov.highcommission.cfd www.highcommission.caleblessing.site highcommission.caleblessing.site highcommission.cfd dps-texas.org gc-ca.site www.seo.custy.ng seo.custy.ng elegantstudio.com.ng megasolution.com.ng www.viralvote.cloud viralvote.cloud midea-group.shares.mideainvestment.com www.midea-group.shares.mideainvestment.com www.midea-group-shares.mideainvestment.com midea-group-shares.mideainvestment.com www.shares.mideainvestment.com shares.mideainvestment.com mitchelleunice.com www.staging.tominternational.org staging.tominternational.org www.bitkosis.haaf.org.ng bitkosis.haaf.org.ng portfolio.custy.ng www.portfolio.custy.ng vfsglobal.gc-ca.site www.vfsglobal.gc-ca.site cic.gc-ca.site www.cic.gc-ca.site tractask.com.ng

Malware Detected on Host

Count: 3 ca5c064179b5203f23724e4ed3382dbbd6617609311c1a8a4c1bf22b555a98d5 2aa05263daad6bb4c424b7c09e8288958905cad345f6e94259d3f59000760cc4 94c373a82f981a98faf1499089407ace0638df316a1191ce0451e0409711f29d

Map

Whois Information

• NetRange: 198.12.64.0 - 198.12.127.255
• CIDR: 198.12.64.0/18
• NetName: CC-09
• NetHandle: NET-198-12-64-0-1
• Parent: NET198 (NET-198-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS36352
• Organization: HostPapa (HOSTP-7)
• RegDate: 2012-07-10
• Updated: 2024-02-02
• Comment: Geofeed https://geofeeds.oniaas.io/geofeeds.csv
• Ref: https://rdap.arin.net/registry/ip/198.12.64.0
• OrgName: HostPapa
• OrgId: HOSTP-7
• Address: 325 Delaware Avenue
• Address: Suite 300
• City: Buffalo
• StateProv: NY
• PostalCode: 14202
• Country: US
• RegDate: 2016-06-06
• Updated: 2024-04-26
• Ref: https://rdap.arin.net/registry/entity/HOSTP-7
• OrgAbuseHandle: NETAB23-ARIN
• OrgAbuseName: NETABUSE
• OrgAbusePhone: +1-905-315-3455
• OrgAbuseEmail: net-abuse-global@hostpapa.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
• OrgTechHandle: NETTE9-ARIN
• OrgTechName: NETTECH
• OrgTechPhone: +1-905-315-3455
• OrgTechEmail: net-tech-global@hostpapa.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
• RTechHandle: NETTE11-ARIN
• RTechName: NETTECH-COLOCROSSING
• RTechPhone: +1-800-518-9716
• RTechEmail: support@colocrossing.com
• RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
• RAbuseHandle: NETAB27-ARIN
• RAbuseName: NETABUSE-COLOCROSSING
• RAbusePhone: +1-800-518-9716
• RAbuseEmail: abuse@colocrossing.com
• RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN
• NetRange: 198.12.125.128 - 198.12.125.143
• CIDR: 198.12.125.128/28
• NetName: CC-198-12-125-0-28
• NetHandle: NET-198-12-125-128-1
• Parent: CC-09 (NET-198-12-64-0-1)
• NetType: Reassigned
• OriginAS: AS36352
• Customer: Arif widiyanto (C10448188)
• RegDate: 2023-11-21
• Updated: 2023-11-21
• Ref: https://rdap.arin.net/registry/ip/198.12.125.128
• CustName: Arif widiyanto
• Address: medayu utara I panti asuhan 2
• City: surabaya
• StateProv: JAWA TIMUR
• PostalCode: 60295
• Country: ID
• RegDate: 2023-11-21
• Updated: 2023-11-21
• Ref: https://rdap.arin.net/registry/entity/C10448188
• OrgAbuseHandle: NETAB23-ARIN
• OrgAbuseName: NETABUSE
• OrgAbusePhone: +1-905-315-3455
• OrgAbuseEmail: net-abuse-global@hostpapa.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
• OrgTechHandle: NETTE9-ARIN
• OrgTechName: NETTECH
• OrgTechPhone: +1-905-315-3455
• OrgTechEmail: net-tech-global@hostpapa.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
• RTechHandle: NETTE11-ARIN
• RTechName: NETTECH-COLOCROSSING
• RTechPhone: +1-800-518-9716
• RTechEmail: support@colocrossing.com
• RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
• RAbuseHandle: NETAB27-ARIN
• RAbuseName: NETABUSE-COLOCROSSING
• RAbusePhone: +1-800-518-9716
• RAbuseEmail: abuse@colocrossing.com
• RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN

Links to attack logs

****** ****** ******