IP · Medium · Signal 100/100
198.244.188.27
Location
London, England
ASN
AS16276
OVH Ltd
First Seen
Nov 23, 2024
Last Seen
Feb 20, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
United Kingdom
Region
London, England
ASN
AS16276
Organization
OVH Ltd
Feed Intelligence Summary
18 source reports · 99% confidence score
Category tags
Activity Timeline
Feb 20 (peak: 2026-02-20)
Activity in the last 24h, 7d, 30d and 3mo: 0 (dormant)
Threat Score
High Risk
Geolocation
GB
Coords
48.8582, 2.3387
VirusTotal
Not checked
WHOIS
- description
- dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
- raw
- inetnum: 198.244.188.0 - 198.244.191.255
  netname: VPS-UK2
  country: GB
  org: ORG-OL17-RIPE
  geoloc: 51.48588 0.183567
  admin-c: OTC14-RIPE
  tech-c: OTC14-RIPE
  status: LEGACY
  mnt-by: OVH-MNT
  created: 2021-09-13T07:34:18Z
  last-modified: 2021-09-13T07:34:18Z
  source: RIPE

  organisation: ORG-OL17-RIPE
  org-name: OVH Ltd
  org-type: OTHER
  address: New London House, 6 London Street
  address: EC3R 7LP, LONDON
  address: UK
  abuse-c: AR15333-RIPE
  admin-c: OTC2-RIPE
  mnt-ref: OVH-MNT
  mnt-by: OVH-MNT
  created: 2005-10-13T11:09:01Z
  last-modified: 2024-11-29T16:19:45Z
  source: RIPE # Filtered

  role: OVH UK Technical Contact
  address: OVH Ltd
  address: New London House, 6 London Street
  address: EC3R 7LP, LONDON
  address: UK
  admin-c: OK217-RIPE
  tech-c: GM84-RIPE
  nic-hdl: OTC14-RIPE
  abuse-mailbox: [email protected]
  mnt-by: OVH-MNT
  created: 2009-09-16T16:09:57Z
  last-modified: 2017-01-17T09:52:03Z
  source: RIPE # Filtered

  route: 198.244.128.0/17
  origin: AS16276
  mnt-by: OVH-MNT
  created: 2021-03-09T14:12:57Z
  last-modified: 2021-03-09T14:12:57Z
  source: RIPE
- references
- https://redpiranha.net, https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 18 threat reports