198.98.51.189 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.98.51.189 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Known tor exit node

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: blocklist_net_ua, botscout_30d, botscout_7d, cruzit_web_attacks, dm_tor, et_tor, haley_ssh, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

• Known TOR node
• Country: United States
• Network:
• Noticed: times
• Protocols Attacked: ssh
• Passive DNS Results: bootooaoo.tk tor.teitel.net seed.bitcoinstats.com

Malware Detected on Host

Count: 7 81f0a1f4f381e8eaa7d9c0f3be7fcdf23a9c150e3135f177d54bb0be9d8e7f99 25837be752586ccedb7da8ab32d563a7baa799d91ca69067f0b8acc14dfc0923 4b9c21d9da89c399832f18b4c9a2b4a32788937070b5494404a6e5b3d601a74b 442907c8f48473848fd0f6d7f1adde5df6620b12faf0e36c156f2e38ac2f68e7 ccc4e0e751bc7c1f0cf1ec46bcc6b627adb93f6d4428b87401097b090135a147 cabf0db3d73622405c6ad92e55a24d186ba72e5f9155ca0e26a3bfff3f234656 b472aec8c63a88f49e0efa6fbbad0c82a1c9d96551c6300b237fd92675385b86

Open Ports Detected

123 22 53

Map

Whois Information

• NetRange: 198.98.48.0 - 198.98.63.255
• CIDR: 198.98.48.0/20
• NetName: PONYNET-06
• NetHandle: NET-198-98-48-0-1
• Parent: NET198 (NET-198-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS53667
• Organization: FranTech Solutions (SYNDI-5)
• RegDate: 2012-07-05
• Updated: 2012-07-05
• Ref: https://rdap.arin.net/registry/ip/198.98.48.0
• OrgName: FranTech Solutions
• OrgId: SYNDI-5
• Address: 1621 Central Ave
• City: Cheyenne
• StateProv: WY
• PostalCode: 82001
• Country: US
• RegDate: 2010-07-21
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/SYNDI-5
• OrgAbuseHandle: FDI19-ARIN
• OrgAbuseName: Dias, Francisco
• OrgAbusePhone: +1-778-977-8246
• OrgAbuseEmail: fdias@frantech.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• OrgTechHandle: FDI19-ARIN
• OrgTechName: Dias, Francisco
• OrgTechPhone: +1-778-977-8246
• OrgTechEmail: fdias@frantech.ca
• OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

bruteforce-ip-list-2021-03-30 aws-ssh-bruteforce-ip-list-2021-06-12 ****** bruteforce-ip-list-2021-04-19 ****** ******