199.188.207.151 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 199.188.207.151 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

• Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

• Tags: atif feed, banlist feed, binary defense, brute force, cisco, cowrie, email, honeytrap, LAMP, mailoney, malicious, sftp, ssh

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 5 times
• Protocols Attacked: SSH
• Countries Attacked: Australia
• Passive DNS Results: new2.xiabenhow.com xiabenhow.com aism.salutia.org admin.evaluar.hospitalia.com.co ventanadeformacion.salutia.org gestioncostos.synergiasa.com admin.invprevalencia2021.salutia.org admin.invprevalencia2021-capacitacion.salutia.org invprevalencia2021.salutia.org admin.hospitalia.com.co invprevalencia2021-capacitacion.salutia.org ip3.salutia.org ip2.hospitalia.com.co ip2.synergiasa.com shodeshtv.com goodlook.info self-employments.com shodesh24.com self-shopping.com url023.icu url023.basicwork.info url022.basicwork.info url021.basicwork.info www.url020.basicwork.info url028.basicwork.info url018.basicwork.info url009.basicwork.info www.url009.basicwork.info url015.basicwork.info url006.basicwork.info www.url006.basicwork.info url013.basicwork.info www.url013.basicwork.info url013.info ns1.eduidea.info betternext.info eduidea.info whm.eduidea.info slfurl.cc www.url010.basicwork.info url010.basicwork.info www.url011.basicwork.info url011.basicwork.info url011.info url004.info url004.basicwork.info www.url004.basicwork.info url008.basicwork.info url008.info www.url008.basicwork.info url007.basicwork.info www.url007.basicwork.info url005.basicwork.info www.url005.basicwork.info self-employments.net url027.basicwork.info url030.basicwork.info www.url023.basicwork.info url030.icu www.url024.basicwork.info www.url027.basicwork.info www.url026.basicwork.info url026.basicwork.info url028.icu www.url029.basicwork.info url024.icu www.url028.basicwork.info url026.icu url024.basicwork.info url025.basicwork.info www.url025.basicwork.info url025.icu url027.icu www.url030.basicwork.info url029.basicwork.info url029.icu www.url018.basicwork.info url018.icu url020.basicwork.info url020.icu www.url021.basicwork.info url021.icu url022.icu www.url017.basicwork.info www.url019.basicwork.info url019.basicwork.info url019.icu url017.icu www.url022.basicwork.info url017.basicwork.info url006.info url005.info url007.info url002.basicwork.info www.url003.basicwork.info url002.info www.url001.basicwork.info url003.info url003.basicwork.info url001.basicwork.info www.url002.basicwork.info url001.info url014.info url014.basicwork.info www.url014.basicwork.info url015.info www.url015.basicwork.info url012.basicwork.info www.url012.basicwork.info url012.info url010.info url009.info www.siteone.basicwork.info siteone.basicwork.info bestofluck.info basicwork.info

Map

Whois Information

• NetRange: 199.188.200.0 - 199.188.207.255
• CIDR: 199.188.200.0/21
• NetName: NCNET-1
• NetHandle: NET-199-188-200-0-1
• Parent: NET199 (NET-199-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS16626, AS174, AS4323, AS3356, AS22612, AS32421
• Organization: Namecheap, Inc. (NAMEC-4)
• RegDate: 2011-08-03
• Updated: 2015-03-24
• Comment: http://namecheap.com
• Comment: for any abuse please use: abuse@namecheap.com
• Ref: https://rdap.arin.net/registry/ip/199.188.200.0
• OrgName: Namecheap, Inc.
• OrgId: NAMEC-4
• Address: 11400 W. Olympic Blvd. Suite 200
• City: Los Angeles
• StateProv: CA
• PostalCode: 90064
• Country: US
• RegDate: 2011-01-28
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/NAMEC-4
• OrgAbuseHandle: ABUSE2885-ARIN
• OrgAbuseName: Abuse team
• OrgAbusePhone: +1-323-375-2822
• OrgAbuseEmail: abuse@namecheaphosting.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
• OrgTechHandle: TECHT4-ARIN
• OrgTechName: Tech team
• OrgTechPhone: +1-323-375-2822
• OrgTechEmail: tech@namecheaphosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
• OrgTechHandle: EFIME-ARIN
• OrgTechName: Efimenko, Igor
• OrgTechPhone: +1-323-375-2822
• OrgTechEmail: igor.e@namecheap.com
• OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN

Links to attack logs

bruteforce-ip-list-2025-02-16 bruteforce-ip-list-2025-01-17