198.54.117.215 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.54.117.215 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1080 - Taint Shared Content, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1114 - Email Collection, T1176 - Browser Extensions, T1218 - Signed Binary Proxy Execution, T1220 - XSL Script Processing, T1497 - Virtualization/Sandbox Evasion, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1564 - Hide Artifacts, T1566 - Phishing, T1568 - Dynamic Resolution

  • Tags: aaaa, accept encoding, acceptencoding, addresses, adwind, adwind rat, agent tesla, agenttesla, agentteslaexe, aggah, alienspy, all at, amadey, ammyy, ammyy admin, analysis, andromeda, andromut, angler, any.run, apart, api key, application, april, archivos, arkeistealer, as13335, ascii text, asprox, asyncrat, august, aurora, ave maria, axpergle, azorult, azorultexe, belarus, bitcoin, bladabindi, body, bokbot, browserpassview, buildtosuit, c2 server, captura, centers, cerber, chacha, chanitor, chatgpt, chi2, Christopher Pool, chthonic, cil executable, city, click, cloudeye, cobalt strike, cobaltstrike, code, colocation data, community, com object, compromise iocs, contained, content type, cookie, copy, country, creation date, cridex, crimson, crimson rat, cryptbot, crysis, cve201711882, cyber security, danabot, darkcomet, darkrat, darkside, date, desktop, details links, dharma, discord, dofoil, domain related, dridex, dridexopendir, dunihi, dyre, egregor, email, email security, emotet, emotetheodo, endpoint na, endpoint secure, entries, entropy, eternalblue, execution, fallout, fareit, february, file hashes, files, file type, first, flawedammy, flawedammyy, formbook, friendly, functionality, gandcrab, glupteba, gootkit, gozi, goziisfb code, goziisfb trojan, guloader, hancitor, hawkeye, heodo, hermes, hillary rodham, history first, houdini, hunter, hworm, icedid, imphash, intel, inyeccin, ioc, isfb, jenxcus, join, june, kill, killswitch, kpot, kpotstealer, kuluoz, link, links community, loader, lockbit, loki, loki bot, lokibot, luminositylink, macos, magic pe32, mailpassview, mailto, maldoc, malicious, malspam, malware, march, mars, maxage0, maxage2592000, maze, mega, mexico, mimikatz, mitre att, mono, ms windows, nanocore, nanocore rat, napoleon, na stealthwatch, nemty, netwalker, netwire, neutral, neutrino, next, Nextray, njrat, nuclear, occurrences ip, office, open, orcus, orcus rat, outgoing links, panda banker, path, phishing, phobos, phorpiex, pinkslipbot, poisonivy, polish, pony, Pool’s Closed, powered shells, powershell, predator, predator pain, privacy admin, privacy tech, psexec, qakbot, qbot, qealler, quasar, quasar rat, quasarrat, raccoon, raccoonstealer, racealer, ransom, ransomware, rats, raw size, recent blog, record value, redacted for, redline, redline stealer, registry keys, remcos, remcosrat, remote access, response final, revenge, revenge rat, revil, rticon, rtmanifest, ryuk, ryuk ransomware, sabey, scarimson, screen, search, sections, see json, seen, server, servhelper, service, sha256, shadow, showing, siplog, smokeldr, smoke loader, smokeloader, snake, sockrat, sodinokibi, spelevo, squirrelwaffle, ssdeep, stateprovince, status texthtml, stealer, stealthwatch na, sticky, submission, systembc, t1027, t1036, t1056, t1080, t1113, t1497, teamspy, teamviewer, terdot, thief, Timothy Pool, tinba, tofsee, track them, trickbot, trid generic, trojan, troldesh, type rticon, ukraine, united, unknown, ursnif, ursnif malware, ursnif trojan, us entropy, utc http, vawtrak, vb script, vhash, vidar, virtual address, virtualizacin, virtual size, virustotal, vt community, wannacry, warzone, wcry ransomware, win32 exe, windigo, winrar, xtremerat, zbot, zloader, zusy

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: coinbl_hosts_browser, coinbl_hosts, coinbl_ips, hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_mmt, hphosts_pha, hphosts_psh, hphosts_wrz

Malware Detected on Host

Count: 455

Sample SHA-256 hashes (10 of 455):

  • 552e5793bb3d1a76aa234c46ad8a7f9649ccabd4f96586d036cb430b1f44795a
  • 7a848f9c9c014491e04ada4a50de9f6708ee8bd519bb5af4c3147542157f74cd
  • 36e5332951157310f392cad920d9ff4f23986b3c7eb14f4895dfc2c1cd84d4fd
  • 494c45a55a11b38c9ae4d9ef2b5743330151f50d291b4ef725eed036a7da712f
  • c6d4f851df0a1df985eb1a4d1935c03085bf98e1e95f194f84a6211de26d10a5
  • a35e8aa13cf6bf197dd30a389ac9f323cc3d144035d2c3603fc30a965b164053
  • 164e08f2cbd769b2775e22a0d878140329a6694cff17a8583c58c4752c28ab7f
  • fb849f32c115a632386d441dcdcee310a0ff55dab6f521f3136ea4168be0d59e
  • 0266a655cec66fa94551c7cbf5039f239ef250e394fd003556914c759dfebc36
  • 211da81fd01c80da7c8d87c4b3a3e44e896545e29d8892f56a7cec9822220083

Open Ports Detected

80

Whois Information

  • NetRange: 198.54.112.0 - 198.54.127.255
  • CIDR: 198.54.112.0/20
  • NetName: NAMEC-4
  • NetHandle: NET-198-54-112-0-1
  • Parent: NET198 (NET-198-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2015-11-13
  • Updated: 2015-11-13
  • Ref: https://rdap.arin.net/registry/ip/198.54.112.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • network:Class-Name:network
  • network:Auth-Area:198.54.117.0/24
  • network:ID:NET-79086.198.54.117.0/24
  • network:Network-Name:anycast-edge-fwd-range
  • network:IP-Network:198.54.117.0/24
  • network:IP-Network-Block:198.54.117.0 - 198.54.117.255
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:
  • network:City:Atlanta
  • network:State:GA
  • network:Postal-Code:30303/3030
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-79086.198.54.117.0/24
  • network:Created:20190523133801000
  • network:Updated:20190523163010000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com