198.98.51.189 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: Bruteforce, Nextray, Port scan, SSH, TOR, Telnet, VPN, attack, badrequest, bruteforce, cyber security, ioc, kfsensor, login, malicious, phishing, probing, rdp, scanner, scanning, ssh, webscan, webscanner, webscanner bruteforce web app attack
  • Known tor exit node
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, cruzit_web_attacks, dm_tor, et_tor, greensnow, haley_ssh, sblam, stopforumspam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, tor_exits, tor_exits_1d, tor_exits_30d, tor_exits_7d

  • Known TOR node
  • Country: United States of America
  • Network: AS53667 frantech solutions
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 7

Whois Information

  • NetRange: 198.98.48.0 - 198.98.63.255
  • CIDR: 198.98.48.0/20
  • NetName: PONYNET-06
  • NetHandle: NET-198-98-48-0-1
  • Parent: NET198 (NET-198-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2012-07-05
  • Updated: 2012-07-05
  • Ref: https://rdap.arin.net/registry/ip/198.98.48.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

bruteforce-ip-list-2021-03-30 aws-ssh-bruteforce-ip-list-2021-06-12 bruteforce-ip-list-2021-04-19