198.54.117.197 Threat Intelligence and Host Information

General

IP Address
198.54.117.197
IPv4 Address
Location
🇺🇸 United States
US
Network
AS22612
NAMECHEAP-NET
Threat Score
80/100
Critical
Attack Intelligence
MITRE ATT&CK Techniques
T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1018 - Remote System Discovery, T1021.001 - Remote Desktop Protocol, T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1030 - Data Transfer Size Limits, T1036 - Masquerading, T1040 - Network Sniffing, T1045 - Software Packing, T1046 - Network Service Scanning, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.002 - File Transfer Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1088 - Bypass User Account Control, T1095 - Non-Application Layer Protocol, T1096 - NTFS File Attributes, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.002 - Password Cracking, T1110 - Brute Force, T1112 - Modify Registry, T1114 - Email Collection, T1119 - Automated Collection, T1122 - Component Object Model Hijacking, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1183 - Image File Execution Options Injection, T1184 - SSH Hijacking, T1192 - Spearphishing Link, T1194 - Spearphishing via Service, T1199 - Trusted Relationship, T1202 - Indirect Command Execution, T1415 - URL Scheme Hijacking, T1442 - Fake Developer Accounts, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1454 - Malicious SMS Message, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1539 - Steal Web Session Cookie, T1543 - Create or Modify System Process, 
T1546.015 - Component Object Model Hijacking, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1553 - Subvert Trust Controls, T1560 - Archive Collected Data, T1562 - Impair Defenses, T1565 - Data Manipulation, T1566 - Phishing, T1568 - Dynamic Resolution, T1569 - System Services, T1571 - Non-Standard Port, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1583.001 - Domains, T1583.002 - DNS Server, T1583.005 - Botnet, T1583.006 - Web Services, T1583 - Acquire Infrastructure, T1585.001 - Social Media Accounts, T1586 - Compromise Accounts, T1588.004 - Digital Certificates, T1588 - Obtain Capabilities, T1591.002 - Business Relationships, TA0001 - Initial Access, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control
Geographic Location
Country
United States
City
Unknown
Region
Unknown
Coordinates
37.7510, -97.8220
Network Information
ASN
AS22612
Organization
NAMECHEAP-NET
Network
AS22612 NAMECHEAP-NET
WHOIS Information
NetRange
198.54.112.0 - 198.54.127.255
CIDR
198.54.112.0/20
NetName
NAMEC-4
NetHandle
NET-198-54-112-0-1
Parent
NET198 (NET-198-0-0-0-0)
NetType
Direct Allocation
OriginAS
Organization
Namecheap, Inc. (NAMEC-4)
RegDate
2011-01-28
Updated
2024-11-25
Ref
https://rdap.arin.net/registry/entity/NAMEC-4
OrgName
Namecheap, Inc.
OrgId
NAMEC-4
Address
11400 W. Olympic Blvd. Suite 200
City
Los Angeles
StateProv
CA
PostalCode
90064
Country
US
OrgTechHandle
TECHT4-ARIN
OrgTechName
Tech team
OrgTechPhone
+1-661-310-2107
OrgTechEmail
tech@namecheaphosting.com
OrgTechRef
https://rdap.arin.net/registry/entity/TECHT4-ARIN
OrgAbuseHandle
ABUSE2885-ARIN

  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Belgium, Canada, Cayman Islands, Costa Rica, Curaçao, Czechia, Denmark, Estonia, France, Georgia, Germany, Guatemala, Hong Kong, Japan, Korea Republic of, Latvia, Lithuania, Mexico, Netherlands, Norway, Panama, Philippines, Poland, Romania, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Spain, Tanzania United Republic of, Trinidad and Tobago, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 1029

Disclaimer
This page contains threat intelligence information for the IPv4 address 198.54.117.197 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.