198.38.82.90 Threat Intelligence and Host Information

General

This page contains threat intelligence for the IPv4 address 198.38.82.90. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to assist with enrichment of security events and their context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning models that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.

Potentially Malicious Host 🟡 44/100

Host and Network Information

  • Mitre ATT&CK IDs: T1105 - Ingress Tool Transfer, T1566 - Phishing

  • Tags: addresses, autoit, compromise iocs, emotet, endpoint secure, iocs file, json, mitre att, na stealthwatch, occurrences ip, qbot, registry keys, see json, tofsee, worm, zbot, zeus

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: hphosts_emd, hphosts_psh

  • Country: United States
  • Network:
  • Noticed: 1 time
  • Protocols Attacked: SSH

Malware Detected on Host

Count: 28 (10 SHA-256 hashes listed below)

8f6198fb2a40e2c97506b399e54a60702fe08ee653ed196eb4c023fcd1e240c5
63fdd271934757de4e680ff142610402ab601a6e470c6fba5fd73c5049ac0470
b373bfafbea3992f84b9fa862624a911a74e3379cfa0db0e25294521ea3105fc
e670e7e426009d13b122f0f1bcc48c4f3cfcaaa3dd6159704290435c23200190
eb3e531a9ad7bac52885f66e9224dd9543704d18cdf94d95979c7b6d9d2c1e08
89b8f1f3e8fb33649fab5a210ccdb4ffe79f19a6518484a341cb637336f022e1
5892ad12c9cbbb23b5d28863c30a675f8484b18914b79f24042e68e3878b477c
2bcaf8b06bec672d70dcb133316f3d571b5183740f8678c02ed7b57f81ca7d36
90462bba4bd8ee1b0e442050d6e8f6880daa7ce74d0cd9da1c6e4067e8a16221
6ad7f99fc894da684e1ca13e427c11d5f3656e4687cf1c9a9748196463913826

Open Ports Detected

  • 22 (SSH)
  • 80 (HTTP)
  • 135 (MS-RPC endpoint mapper)
  • 445 (SMB)
  • 1433 (Microsoft SQL Server)
  • 3389 (RDP)
  • 5985 (WinRM over HTTP)
  • 5986 (WinRM over HTTPS)
  • 47001 (Windows Remote Management listener, HTTP.sys)

The combination of 135, 445, 3389, 5985, 5986 and 47001 is the footprint of a Windows host with remote management exposed, which is consistent with the CVE listed below.

CVEs Detected

CVE-2020-0796 (Windows SMBv3.1.1 compression remote code execution, commonly called SMBGhost). Port 445 is among the open ports above. As with everything on this page, the CVE is inferred from passive observation rather than confirmed by testing, so verify the host's patch level directly before treating it as exploitable.
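To show how a page like this is consumed in practice, here is an added example (not part of the report or the service that generated it) that turns the indicators above into a small enrichment routine and runs it over constructed sample events. The IP, ATT&CK IDs, open ports, CVE and a subset of the listed hashes are transcribed from this page; the log format, the field names and the events themselves are constructed for the example and are not real telemetry.

```python
import json
import re

# Indicators transcribed from the report above. Only three of the ten listed
# SHA-256 hashes are copied here to keep the example short.
HOST_IP = "198.38.82.90"
HOST_SCORE = 44
ATTACK_IDS = {"T1105": "Ingress Tool Transfer", "T1566": "Phishing"}
SHA256_IOCS = {
    "8f6198fb2a40e2c97506b399e54a60702fe08ee653ed196eb4c023fcd1e240c5",
    "63fdd271934757de4e680ff142610402ab601a6e470c6fba5fd73c5049ac0470",
    "b373bfafbea3992f84b9fa862624a911a74e3379cfa0db0e25294521ea3105fc",
}
OPEN_PORTS = {22, 80, 135, 445, 1433, 3389, 5985, 5986, 47001}
CVES = {"CVE-2020-0796"}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def valid_sha256(h):
    """True if h looks like a lower/upper-case hex SHA-256 digest."""
    return bool(SHA256_RE.match(h.lower()))


# Constructed sample events in a simple key=value format (assumption: this is
# not a real product's log format). src_ip/dst_ip/dst_port/sha256 are optional.
SAMPLE_EVENTS = [
    "ts=2024-05-01T10:02:11Z src_ip=10.0.0.5 dst_ip=198.38.82.90 dst_port=445 proto=tcp action=allow",
    "ts=2024-05-01T10:02:13Z src_ip=198.38.82.90 dst_ip=10.0.0.9 dst_port=22 proto=tcp action=deny",
    "ts=2024-05-01T10:05:40Z host=ws-17 event=file_create sha256=8f6198fb2a40e2c97506b399e54a60702fe08ee653ed196eb4c023fcd1e240c5 path=C:\\Users\\Public\\a.exe",
    "ts=2024-05-01T10:06:00Z src_ip=10.0.0.5 dst_ip=93.184.216.34 dst_port=443 proto=tcp action=allow",
]


def parse_event(line):
    """Split 'k=v k=v ...' into a dict; values containing '=' keep everything after the first."""
    return dict(kv.split("=", 1) for kv in line.split() if "=" in kv)


def enrich(event):
    """Return a copy of the event with a 'findings' list derived from the page's indicators."""
    findings = []

    if event.get("dst_ip") == HOST_IP:
        findings.append(f"outbound connection to scored host {HOST_IP} (score {HOST_SCORE}/100)")
        port = int(event.get("dst_port", 0))
        if port in OPEN_PORTS:
            findings.append(f"destination port {port} is listed as open on the host")
        if port == 445 and "CVE-2020-0796" in CVES:
            # CVE-2020-0796 affects SMBv3 clients that connect to a malicious server as
            # well as servers, so an outbound 445 to this host is worth a patch check.
            findings.append("SMB (445) to a host listed with CVE-2020-0796: confirm the source host is patched")

    if event.get("src_ip") == HOST_IP:
        findings.append(f"inbound connection from scored host {HOST_IP}")
        if event.get("dst_port") == "22":
            findings.append("target port 22 matches the 'Protocols Attacked: SSH' observation")

    digest = event.get("sha256", "").lower()
    if digest:
        if not valid_sha256(digest):
            findings.append(f"malformed sha256 field: {digest!r}")
        elif digest in SHA256_IOCS:
            techniques = ", ".join(f"{k} {v}" for k, v in sorted(ATTACK_IDS.items()))
            findings.append(f"file hash matches a sample seen on the host; ATT&CK: {techniques}")

    return {**event, "findings": findings}


def enrich_log(lines):
    """Enrich every line; events with no findings are kept so callers can see coverage."""
    return [enrich(parse_event(line)) for line in lines]


def hits(lines):
    """Only the events that matched at least one indicator."""
    return [e for e in enrich_log(lines) if e["findings"]]


if __name__ == "__main__":
    print(json.dumps(hits(SAMPLE_EVENTS), indent=2))
```

Hash matching is exact, so normalise case before lookup (done above) and reject anything that is not 64 hex characters rather than silently failing to match; a vendor feed that mixes MD5 and SHA-256 values in one column is a common reason enrichment quietly produces no hits.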

Whois Information

Links to attack logs

****** ****** ******