198.98.50.112 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.98.50.112. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Tags: Bruteforce, Brute-Force, cyber security, ioc, malicious, Nextray, phishing, SSH

  • Known tor exit node

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: blocklist_net_ua, greensnow, haley_ssh, maxmind_proxy_fraud, sblam, snort_ipfilter, stopforumspam_365d, talosintel_ipfilter, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: izy.sh, block2.mmms.eu

Malware Detected on Host

Count: 9

Open Ports Detected

1935, 443, 80

Links to attack logs

******, aws-ssh-bruteforce-ip-list-2021-06-21, aws-ssh-bruteforce-ip-list-2021-05-11, vultrmadrid-ssh-bruteforce-ip-list-2023-03-23, ******, ******
