199.188.200.230 Threat Intelligence and Host Information

Apr 04, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 199.188.200.230 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 69/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1045 - Software Packing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1095 - Non-Application Layer Protocol, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window, T1571 - Non-Standard Port, TA0006 - Credential Access, TA0011 - Command and Control

  • Tags: aaaa, accept, access ta0006, acint, activity mirai, address, address virtual, a domains, agent, agent tesla, agenttesla, agentteslaexe, alerts, alexa top, algorithm, a li, alienvault, all scoreblue, all search, america asn, analysis date, analytics na, analyzer threat, apache, april, arkeistealer, artemis, as131392, as14315, as16625 akamai, as20546 soprado, as20940, as38731 vietel, as45102 alibaba, as7552, as7552 viettel, august, av detections, azorult, azorultexe, bashlite, behav, body, cape, china as37963, cisco umbrella, cleaner, cloudflare, cname, code, code signing, coinminer, command, compiler, conduit, contained, content, control ta0011, copy, core, country, crack, create, create c, creation date, cyber defense, cyberstalking, danabot, darkgate, darkrat, data redacted, date, december, deep malware, default, default page, delete, delphi, detections file, detections type, dlls, dns replication, dock, domain, domain check, downldr, downloader, dridex, dridexopendir, dropper, dumping t1003, echobot, echobot malware, elf64 data, elf executable, elf info, emotet, emotetheodo, encrypt, english, entries, enumerates, etag, exec, executable, executable file, execution, expiration date, exploit, external-resources, facebook, filehash, files, file score, files ip, files referring, filetour, file type, first, flags, formbook, for privacy, fri mar, from, gandcrab, generic, generic malware, genkryptik, germany, get hello, gifts, google tag, gootloader, gozi, graph summary, hacktool, hancitor, hawkeye, header class, header version, hello, heodo, heur, hidden privacy, highly targeted, historical ssl, hong kong, hostname, icedid, identifier, ids detections, iframe, iframes, inbound, info, info sections, infrastructure, injector, insight tag, installcore, intel, iobit, ip detections, ip reputaion, ip summary, ipv4, javascript, jaws webserver, june, just, karen, key algorithm, key identifier, key info, kpot, kpotstealer, lazarus, linux, loader, location lao, location viet, loccel1, logistics, loki, lookups, luminositylink, magic elf, magic msdos, malicious, malicious site, malicious url, malware, malwarebazaar, malware generic, march, md5 chi2, media center, mediaget, medium, memcommit, microsoft, microsoft root, microsoft stuff, million, mimikatz, mirai, mirai 04022024, mirai malware, mirai variant, mitre att, module load, moved, msie, msil, ms windows, mvpower dvr, name, name microsoft, name servers, name virtual, nanocore, nciipc, nemty, netsupport rat, netwire, next, nobits, no data, null, number, october, offset size, opencandy, orsam, os abi, os credential, otx, otx scoreblue, outbound, outbreak, panda, passive dns, pe32 executable, performs dns, phishing, phishing site, phorpiex, plesk, plesk a, pony, postal code, presenoker, problems, progbits, protocol t1071, protocol t1095, pulse pulses, pulse submit, qakbot, qealler, quasarrat, raccoonstealer, ramnit, ransom, read c, record value, redacted, redacted for, redline stealer, red team, referrer, registrant name, registrar abuse, regopenkeyexw, regsetvalueexa, regsz, relacionada, related, related pulses, remcos, remcosrat, reverse dns, riskware, rostpay, round, safe site, scan endpoints, script urls, search, september, serial number, server, servhelper, sha256 file, shell, shell uce, shit, show, showing, simplified, singapore, sinkhole, site, size entropy, size raw, slcc2, sneaky server, ssdeep, stamping, status, stealer, strtab, subject key, subject public, summary, swrort, systembc, systweak, sysv, t1082, t1129, tag count, taobao network, targeting, telecom, text/html, threat network, threat roundup, threats, thumbprint, tiggre, trackers, trickbot, trid dos, trid elf, trojanspy, troldesh, tsara brashears, type address, type rtrcdata, united, united kingdom, unix, unknown, updater, url analysis, urls, url summary, us bundled, useragent, utc gcfezl5ynvb, utc google, utc linkedin, utc na, v3 serial, valid from, vault, verisign time, vhash, viet nam, vietnam, vietnam unknown, virustotal, v object, wacatac, wed jan, whitelisted, whois, win32, win32 exe, win32sfone jul, windows module, windows nt, worm, write, x509v3 key, xport, yara detections, zloader, zombie

  • JARM: 3fd3fd15d3fd3fd00042d42d000000038eaaf490bec8dc33757f165ce01762

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: hphosts_fsa, hphosts_wrz

  • Country: United States
  • Network:
  • Noticed: 2 times
  • Protocols Attacked: SSH

Malware Detected on Host

Count: 34 814c7301b2ec5eeec01fcc7a2d761de8494e6f582afd7cbaa72b9d19e017131a 191af1c0051cdb7a184e1633f1894cfcd4fbf942c973330ea117c7e4bceaea9d ef29bb66f571a13f3e465242948af62291c9fe51d39dcc97592127dbafd360ba 3d898349908143bef8f7652dada13c6075f84af469349be709b1d33d2ddf6672 06db093414f42d7669e57d31a8d563c71018e8d75c886244b77a6a9bc86b6fdb 6adee9708eeb07df53ced6a40ad5eab5e92be4f86a314835a8ec6e78d20cef62 5f33ba33c0d74148ba7f4c7027effeb348d4c065df4e09c1b10f631084a8ac6f 3a473f65902125056b44aa8887af5e39cf0579672476b16bcdc91592645797a4 86eb7defd521bd159f8290d5d0a0e92aab703dfc57b3a69685477c1280d84d77 12b44d0825d1035da43f3cd2e4c27274a48fe8255d2cf81e0dfdadd927b9b49d

Open Ports Detected

143 443 80

CVEs Detected

CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2024-6484

Map

Whois Information

  • NetRange: 199.188.200.0 - 199.188.207.255
  • CIDR: 199.188.200.0/21
  • NetName: NCNET-1
  • NetHandle: NET-199-188-200-0-1
  • Parent: NET199 (NET-199-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS16626, AS174, AS4323, AS3356, AS22612, AS32421
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2011-08-03
  • Updated: 2015-03-24
  • Comment: http://namecheap.com
  • Comment: for any abuse please use: abuse@namecheap.com
  • Ref: https://rdap.arin.net/registry/ip/199.188.200.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • network:Class-Name:network
  • network:Auth-Area:199.188.200.0/24
  • network:ID:NET-222222.199.188.200.230
  • network:IP-Network:199.188.200.230
  • network:IP-Network-Block:199.188.200.230
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:3402 East University Drive
  • network:City:Phoenix
  • network:State:AZ
  • network:Postal-Code:85034
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-222222.199.188.200.230
  • network:Created:20220214090121000
  • network:Updated:20220214090831000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com

Links to attack logs

****** ****** ******

Share on: