198.54.115.141 Threat Intelligence and Host Information

Feb 16, 2026 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 198.54.115.141 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 75/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1080 - Taint Shared Content, T1102 - Web Service, T1210 - Exploitation of Remote Services, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1566 - Phishing

  • Tags: agent tesla, agenttesla, agentteslaexe, arkeistealer, azorult, azorultexe, cobalt strike, cobaltstrike, cyber security, danabot, darkrat, desktop, domains, dridex, dridexopendir, emotet, emotetheodo, emotet malware, eternalblue, fake net, fallout, first, flawedammyy, formbook, gandcrab, gozi, hancitor, hashes, hawkeye, heodo, icedid, ioc, iocs ip, kpot, kpotstealer, loader, loki, luminositylink, malicious, malware, microsoft, nanocore, nemty, netwire, Nextray, phishing, phorpiex, pony, qakbot, qbot, qealler, quasarrat, raccoonstealer, remcos, remcosrat, servhelper, stealer, systembc, trickbot, trojan, troldesh, wannacry, wannycry, wcry, zloader

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: cleanmx_viruses, hphosts_emd

  • Country: United States
  • Network:
  • Noticed: 31 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 11 470f6b2fbc10eac46ebb9ca750a0d51976a961e68e890eda3fe996c520abf492 14fa27859da0bd597a8bfb58821c9b6fa1d08ca5470db143ca569b06745a47a6 696b07e853a4c02e66245e0dd12e105381bb59d20004cfbd7524111bdf1ab80a 112af9470230e8f320dd5b1210b7448f72cfd2df7b148f0a37ad8f2542fe5b2b f1c89b477adb29c32a94233dd36b6d2ceb315b2b982360a8dcffad275bedd31f 296c7601cd9ae3633e0ac457907f04c2e17d262c139efe6a3f8acf0b39aeb096 5ab3faa3430e0bb91c5bc87af070f32e70888de57fc911864d84d551048a497d 477a9f18976fc5e954355da485937a3558a47e1e46218dd2e11578ded3cafe99 588989bcd66c1d2f8215f257babee203f386bcedd1acb01a81fb9e43f60e243e 6ad9fb71c3404acdd76567ffb17a28b629ed1a23f8ada89aaa8ff7bab45bacfc

Open Ports Detected

110 143 2077 2082 2083 26 443 465 53 587 80 993

CVEs Detected

CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331

Map

Whois Information

  • NetRange: 198.54.112.0 - 198.54.127.255
  • CIDR: 198.54.112.0/20
  • NetName: NAMEC-4
  • NetHandle: NET-198-54-112-0-1
  • Parent: NET198 (NET-198-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2015-11-13
  • Updated: 2015-11-13
  • Ref: https://rdap.arin.net/registry/ip/198.54.112.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-661-310-2107
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • network:Class-Name:network
  • network:Auth-Area:198.54.115.128/26
  • network:ID:NET-29232.198.54.115.141
  • network:IP-Network:198.54.115.141
  • network:IP-Network-Block:198.54.115.141
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:3402 East University Drive
  • network:City:Phoenix
  • network:State:AZ
  • network:Postal-Code:85034
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-29232.198.54.115.141
  • network:Created:20160129085727000
  • network:Updated:20160221040249000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com

Links to attack logs

****** ****** ******

Share on: