199.188.205.55 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 199.188.205.55. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • MITRE ATT&CK IDs: T1003 - OS Credential Dumping, T1018 - Remote System Discovery, T1023 - Shortcut Modification, T1031 - Modify Existing Service, T1045 - Software Packing, T1049 - System Network Connections Discovery, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window, T1204 - User Execution, T1428 - Exploit Enterprise Resources, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1553.002 - Code Signing, T1568 - Dynamic Resolution, T1583.005 - Botnet, T1598 - Phishing for Information

  • Tags:

  • JARM: 3fd3fd15d3fd3fd00042d42d000000038eaaf490bec8dc33757f165ce01762

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 5 times
  • Protocols Attacked: SSH
  • Countries Attacked: Aruba, Italy, United States of America
  • Passive DNS Results:

Open Ports Detected

110 143 21 443 465 53 587 80 993 995

CVEs Detected

CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2024-6484

Whois Information

  • NetRange: 199.188.200.0 - 199.188.207.255
  • CIDR: 199.188.200.0/21
  • NetName: NCNET-1
  • NetHandle: NET-199-188-200-0-1
  • Parent: NET199 (NET-199-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS16626, AS174, AS4323, AS3356, AS22612, AS32421
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2011-08-03
  • Updated: 2015-03-24
  • Comment: http://namecheap.com
  • Comment: for any abuse please use: abuse@namecheap.com
  • Ref: https://rdap.arin.net/registry/ip/199.188.200.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • network:Class-Name:network
  • network:Auth-Area:199.188.205.0/25
  • network:ID:NET-83636.199.188.205.55
  • network:IP-Network:199.188.205.55
  • network:IP-Network-Block:199.188.205.55
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:3402 East University Drive
  • network:City:Phoenix
  • network:State:AZ
  • network:Postal-Code:85034
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-83636.199.188.205.55
  • network:Created:20190717162629000
  • network:Updated:20190717163824000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com
