198.244.149.249 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.244.149.249. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • MITRE ATT&CK IDs: T1110 - Brute Force

  • Tags: Bruteforce, cyber security, ioc, malicious, Nextray, phishing, scanners, ssh, vultr

  • View other sources: Spamhaus, VirusTotal

  • Country: United Kingdom
  • Network:
  • Noticed: 37 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: personalprofile.info, lnws1.sshstores.vip

Open Ports Detected


CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-3618 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-44487 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Whois Information

Links to attack logs

vultrmadrid-ssh-bruteforce-ip-list-2022-10-07