198.12.66.102 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.12.66.102 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

• Tags: brute-force, bruteforce, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, tcp

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: haley_ssh

• Country: United States
• Network:
• Noticed: 35 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: offlce365.network nnasout.com barawooff.com hesitatecast.win growndrier.bid

Malware Detected on Host

Count: 8 0deba8ea85be06af543e5135150d4f7fe5d9e6d1bbaf41213fec2f2c9dbe3d8e 27ba5f822b65845be81211412731aa8fa191e3550f583e5290745a17b0415ff6 d7922d4cc68833b535a01dc440a6286f5d08c018981b2a8df0dd4b288bc88280 c371f385124eb20b1921419c44035df5dc87055365b49b5ed5bd0d7f1e7f3fad 854d84554320fb70849f1c1ee17eb2ef4b80873ddf5fd3912df898e0726e024d 2e30eeb0f5c5bf1f8d8b467261de4a0c5a55841e12cb1bb3c996f58b170cc492 352a06a48ddb77e75cd54264c213c7adfe6a70c1bbb89f453cd41e4592ec3d8a 481276e61d0239ef4e13b9bf939c9e08c5222a0ab2250dfdb99c9292145c0852

Open Ports Detected

3389

Map

Whois Information

• NetRange: 198.12.64.0 - 198.12.127.255
• CIDR: 198.12.64.0/18
• NetName: CC-09
• NetHandle: NET-198-12-64-0-1
• Parent: NET198 (NET-198-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS36352
• Organization: HostPapa (HOSTP-7)
• RegDate: 2012-07-10
• Updated: 2024-02-02
• Comment: Geofeed https://geofeeds.oniaas.io/geofeeds.csv
• Ref: https://rdap.arin.net/registry/ip/198.12.64.0
• OrgName: HostPapa
• OrgId: HOSTP-7
• Address: 325 Delaware Avenue
• Address: Suite 300
• City: Buffalo
• StateProv: NY
• PostalCode: 14202
• Country: US
• RegDate: 2016-06-06
• Updated: 2024-04-26
• Ref: https://rdap.arin.net/registry/entity/HOSTP-7
• OrgAbuseHandle: NETAB23-ARIN
• OrgAbuseName: NETABUSE
• OrgAbusePhone: +1-905-315-3455
• OrgAbuseEmail: net-abuse-global@hostpapa.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
• OrgTechHandle: NETTE9-ARIN
• OrgTechName: NETTECH
• OrgTechPhone: +1-905-315-3455
• OrgTechEmail: net-tech-global@hostpapa.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
• RTechHandle: NETTE11-ARIN
• RTechName: NETTECH-COLOCROSSING
• RTechPhone: +1-800-518-9716
• RTechEmail: support@colocrossing.com
• RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
• RAbuseHandle: NETAB27-ARIN
• RAbuseName: NETABUSE-COLOCROSSING
• RAbusePhone: +1-800-518-9716
• RAbuseEmail: abuse@colocrossing.com
• RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN
• NetRange: 198.12.66.96 - 198.12.66.111
• CIDR: 198.12.66.96/28
• NetName: CC-198-12-66-96-28
• NetHandle: NET-198-12-66-96-1
• Parent: CC-09 (NET-198-12-64-0-1)
• NetType: Reassigned
• OriginAS: AS36352
• Customer: Jay Ramchandani (C11089725)
• RegDate: 2025-02-01
• Updated: 2025-02-01
• Ref: https://rdap.arin.net/registry/ip/198.12.66.96
• CustName: Jay Ramchandani
• Address: 128 City Road
• City: London
• StateProv: LONDON
• PostalCode: EC1V 2NX
• Country: GB
• RegDate: 2025-02-01
• Updated: 2025-02-01
• Ref: https://rdap.arin.net/registry/entity/C11089725
• OrgAbuseHandle: NETAB23-ARIN
• OrgAbuseName: NETABUSE
• OrgAbusePhone: +1-905-315-3455
• OrgAbuseEmail: net-abuse-global@hostpapa.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
• OrgTechHandle: NETTE9-ARIN
• OrgTechName: NETTECH
• OrgTechPhone: +1-905-315-3455
• OrgTechEmail: net-tech-global@hostpapa.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
• RTechHandle: NETTE11-ARIN
• RTechName: NETTECH-COLOCROSSING
• RTechPhone: +1-800-518-9716
• RTechEmail: support@colocrossing.com
• RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
• RAbuseHandle: NETAB27-ARIN
• RAbuseName: NETABUSE-COLOCROSSING
• RAbusePhone: +1-800-518-9716
• RAbuseEmail: abuse@colocrossing.com
• RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN

Links to attack logs

bruteforce-ip-list-2021-07-27 ****** ****** ****** ******