198.54.116.220 Threat Intelligence and Host Information

Apr 03, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 198.54.116.220 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 56/100

Host and Network Information

  • Mitre ATT&CK IDs: T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1059 - Command and Scripting Interpreter, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1204 - User Execution, T1518 - Software Discovery, T1539 - Steal Web Session Cookie, T1546 - Event Triggered Execution, T1552 - Unsecured Credentials, T1553 - Subvert Trust Controls, T1555 - Credentials from Password Stores, T1566 - Phishing

  • Tags: agenttesla, agentteslaexe, arkeistealer, asyncrat, azorult, azorultexe, back, clop, clop ransomware, danabot, darkrat, decoder.exe, dridex, dridexopendir, emotetheodo, fin11, formbook, gandcrab, gozi, hancitor, hawkeye, heodo, icedid, ip address, kpot, kpotstealer, leverage, loader, loki, luminositylink, msbuild, nanocore, nemty, netwire, phorpiex, pony, powershell, qakbot, qealler, quasarrat, raccoonstealer, rats, remcos, remcosrat, servhelper, stealer, studio, systembc, trickbot, troldesh, urls, vidar, zloader, zoom, zoom video

  • JARM: 3fd3fd15d3fd3fd00042d42d000000038eaaf490bec8dc33757f165ce01762

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 3 times
  • Protocols Attacked: SSH

Malware Detected on Host

Count: 14 e2a30d6b267f1cb370ec1761caab4b24fb30384ae0807c3de9c4e3a6c6e189dc 09b565686cc7925bff49860b5fcdb87733ba6c2f8eec3cc9a31553229d6da552 7fd01ab7b8efa0b6e2363c6e27ed475d88cefc40b8ceee0c823d2d51757125f6 5b8b8218b0fd53cde6026aee09ac25357f8cadce35c8a6107f53888030691301 d72771e8b7986aa29be204bbbdf13a22ab5d9dd7a8532f9647ef37dc8039c8af af1568fc04f987d6e2a733776732fd184f8f27289b55f783b4fc3f5f1fd2ef53 86f224c5710904df671f2771e4f13cda3bf3e4a60bc2fc9b0896d696e7d7803c 3fd4fbb145d4cb35dde4f677989edfb0fac8009019609ec2878df794be32d3e3 f8e3578f350070ffee2a534c35cb5156006b760022e5eb4bc29cbb787f1cfb09 2f5c96a27f17145d9cd3ed2a6ad8b16e07bb335696a8e43bf1811acff6eeacf1

Open Ports Detected

143 21 26 443 465 80

Map

Whois Information

  • NetRange: 198.54.112.0 - 198.54.127.255
  • CIDR: 198.54.112.0/20
  • NetName: NAMEC-4
  • NetHandle: NET-198-54-112-0-1
  • Parent: NET198 (NET-198-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2015-11-13
  • Updated: 2015-11-13
  • Ref: https://rdap.arin.net/registry/ip/198.54.112.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • network:Class-Name:network
  • network:Auth-Area:198.54.116.192/26
  • network:ID:NET-31230.198.54.116.220
  • network:IP-Network:198.54.116.220
  • network:IP-Network-Block:198.54.116.220
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:3402 East University Drive
  • network:City:Phoenix
  • network:State:AZ
  • network:Postal-Code:85034
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-31230.198.54.116.220
  • network:Created:20160505163019000
  • network:Updated:20160507131813000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com

Links to attack logs

****** ****** ******

Share on: