199.188.200.35 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 199.188.200.35 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: United States
Noticed: 10 times
Protocols Attacked: SSH
Countries Attacked: Dominican Republic, Qatar, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
Open Ports: 2077, 2079, 2080, 21, 443, 80
Tor Node: No
Associated Malware Samples: 4

MITRE ATT&CK TTPs

T1014 - Rootkit
T1017 - Application Deployment Software
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1036.005 - Match Legitimate Name or Location
T1036 - Masquerading
T1038 - DLL Search Order Hijacking
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1056 - Input Capture
T1059.004 - Unix Shell
T1059 - Command and Scripting Interpreter
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1081 - Credentials in Files
T1087 - Account Discovery
T1088 - Bypass User Account Control
T1102 - Web Service
T1110 - Brute Force
T1111 - Two-Factor Authentication Interception
T1113 - Screen Capture
T1114 - Email Collection
T1125 - Video Capture
T1129 - Shared Modules
T1133 - External Remote Services
T1140 - Deobfuscate/Decode Files or Information
T1155 - AppleScript
T1156 - Malicious Shell Modification
T1190 - Exploit Public-Facing Application
T1192 - Spearphishing Link
T1193 - Spearphishing Attachment
T1194 - Spearphishing via Service
T1199 - Trusted Relationship
T1202 - Indirect Command Execution
T1204.002 - Malicious File
T1204 - User Execution
T1210 - Exploitation of Remote Services
T1491 - Defacement
T1493 - Transmitted Data Manipulation
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1503 - Credentials from Web Browsers
T1534 - Internal Spearphishing
T1552 - Unsecured Credentials
T1553 - Subvert Trust Controls
T1560 - Archive Collected Data
T1566.002 - Spearphishing Link
T1566 - Phishing
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1584 - Compromise Infrastructure
T1585 - Establish Accounts
T1586 - Compromise Accounts
T1589 - Gather Victim Identity Information
T1598 - Phishing for Information
T1602 - Data from Configuration Repository
T1608 - Stage Capabilities

Associated CVEs

CVE-2016-10735

Passive DNS

elephanteyehotel.com

Attack Log References

Whois Information

NetRange: 199.188.200.0 - 199.188.207.255 CIDR: 199.188.200.0/21 NetName: NCNET-1 NetHandle: NET-199-188-200-0-1 Parent: NET199 (NET-199-0-0-0-0) NetType: Direct Allocation OriginAS: AS16626, AS174, AS4323, AS3356, AS22612, AS32421 Organization: Namecheap, Inc. (NAMEC-4) RegDate: 2011-08-03 Updated: 2015-03-24 Comment: http://namecheap.com Comment: for any abuse please use: abuse@namecheap.com Ref: https://rdap.arin.net/registry/ip/199.188.200.0 OrgName: Namecheap, Inc. OrgId: NAMEC-4 Address: 11400 W. Olympic Blvd. Suite 200 City: Los Angeles StateProv: CA PostalCode: 90064 Country: US RegDate: 2011-01-28 Updated: 2024-11-25 Ref: https://rdap.arin.net/registry/entity/NAMEC-4 OrgTechHandle: EFIME-ARIN OrgTechName: Efimenko, Igor OrgTechPhone: +1-323-375-2822 OrgTechEmail: igor.e@namecheap.com OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN OrgAbuseHandle: ABUSE2885-ARIN OrgAbuseName: Abuse team OrgAbusePhone: +1-323-375-2822 OrgAbuseEmail: abuse@namecheaphosting.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN OrgTechHandle: TECHT4-ARIN OrgTechName: Tech team OrgTechPhone: +1-323-375-2822 OrgTechEmail: tech@namecheaphosting.com OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN network:Class-Name:network network:Auth-Area:199.188.200.0/24 network:ID:NET-298067.199.188.200.35 network:IP-Network:199.188.200.35 network:IP-Network-Block:199.188.200.35 network:Org-Name:Web-hosting.com network:Street-Address:3402 East University Drive network:City:Phoenix network:State:AZ network:Postal-Code:85034 network:Country-Code:US network:Tech-Contact:MAINT-298067.199.188.200.35 network:Created:20240226173032000 network:Updated:20240226173103000 network:Updated-By:net-admin@namecheap.com contact:POC-Name:Network team contact:POC-Email:net-admin@namecheap.com contact:POC-Phone: contact:Tech-Name:Network team contact:Tech-Email:net-admin@namecheap.com contact:Tech-Phone: contact:Abuse-Name:Abuse team contact:Abuse-Email:abuse@namecheaphosting.com