198.54.126.101 Threat Intelligence and Host Information

Apr 03, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 198.54.126.101 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 42/100

Host and Network Information

  • Tags: agenttesla, agentteslaexe, arkeistealer, azorult, azorultexe, danabot, darkrat, dridex, dridexopendir, emotetheodo, formbook, gandcrab, gozi, hancitor, hawkeye, heodo, icedid, kpot, kpotstealer, loader, loki, luminositylink, nanocore, nemty, netwire, phorpiex, pony, qakbot, qealler, quasarrat, raccoonstealer, remcos, remcosrat, servhelper, stealer, systembc, trickbot, troldesh, zloader

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 1 times
  • Protocols Attacked: SSH

Malware Detected on Host

Count: 414 5ec439c3f8e8a1edc7a2198353570998a1e8f910838a92d715d36295f1b24b58 6a9a3047c827fcd99d8a97668337ca2d7af78b3b634e73e2461e8429e264c7e2 88c7e2cfc25b4b4d07fe41f5c69d4c11ba1df9f7565249f97191d8cdb440ab12 1f5402223635e4eb8fcca3be87c8c160a1376940d27fb314c9a5855fa9337a50 dcbfafbf9cce71636103e119e55063faf22534606ce2dc5128b7dd88da8e0a84 05a56b41f196c7722236bd7c683de4fadea45e63de1ad884796c2fb5cff79a82 331aafcac3f60f5f28a9723642b6cd6bccd32d5fe946b270fb741bd589c17455 26c6224c48e163400b0c6e3fc423c4ec99bd5d7a2b04f899443bf32621626ce7 a2e3de4766310bf249f4d09d405e258d353c55a37119824642670a33d407dbc6 e0c2b02b34558bbe3f97e643baf90e42f8211f2813c0339b30372545be413b18

Open Ports Detected

21 443 80 995

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2017-8923 CVE-2019-20891 CVE-2019-9168 CVE-2020-11579 CVE-2020-29156 CVE-2021-24323 CVE-2022-0775 CVE-2022-2099 CVE-2022-31628 CVE-2022-31629 CVE-2022-4900 CVE-2023-52222 CVE-2024-25117 CVE-2024-9944

Map

Whois Information

  • NetRange: 198.54.112.0 - 198.54.127.255
  • CIDR: 198.54.112.0/20
  • NetName: NAMEC-4
  • NetHandle: NET-198-54-112-0-1
  • Parent: NET198 (NET-198-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2015-11-13
  • Updated: 2015-11-13
  • Ref: https://rdap.arin.net/registry/ip/198.54.112.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • network:Class-Name:network
  • network:Auth-Area:198.54.126.0/24
  • network:ID:NET-127600.198.54.126.101
  • network:IP-Network:198.54.126.101
  • network:IP-Network-Block:198.54.126.101
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:3402 East University Drive
  • network:City:Phoenix
  • network:State:AZ
  • network:Postal-Code:85034
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-127600.198.54.126.101
  • network:Created:20200714135410000
  • network:Updated:20200714135550000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com

Links to attack logs

****** ****** ******

Share on: