198.98.58.235 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 198.98.58.235. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network:
  • Noticed: 29 times
  • Protocols Attacked: ntp
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: 198.98.58.235

Malware Detected on Host

Count: 7

Open Ports Detected

22

Whois Information

Links to attack logs

****** aws-ntp-bruteforce-ip-list-2020-08-07 ntp-bruteforce-ip-list-2020-08-07 ****** awsau-ntp-bruteforce-ip-list-2020-08-07 ******
