# IP Intelligence Briefing: 198.98.62.158/32
Date: June 2026
Analyst: IPDebrief Intelligence
Classification: MODERATE RISK
---
## Executive Summary
IP address 198.98.62.158 is identified as a Tor exit node with a moderate risk profile (55/100). The endpoint operates from New York, NY, under ASN 53667 (FranTech Solutions). While not classified as a known attacker or spam source, the IP exhibits Tor exit node behavior and is listed on 3 of 8 DNSBL feeds. The IP exposes a single HTTP service and has no reverse DNS resolution.
---
## Technical Profile
| Attribute | Value |
|---|---|
| **IP Address** | 198.98.62.158 |
| **Risk Score** | 55 (Moderate) |
| **Organization** | FranTech Solutions |
| **ASN** | 53667 |
| **Geolocation** | New York, NY, US |
| **BGP Prefix** | 198.98.48.0/20 |
| **Route Stability** | Stable |
| **Delegation Age** | 5,667 days |
---
## Threat Indicators
Tor Exit Node: Confirmed
- Multiple Tor exit node indicators observed
- Listed on 3 DNSBL feeds (of 8 total)
- Abuse confidence: Present but not flagged as known attacker
Service Profile:
- Open Ports: 80/tcp (HTTP)
- Server Banner: "x-your-address-is" in header order
- TLS Certificate: None
- Hosted Domains: 0
DNS Analysis:
- PTR Hostnames: None
- Forward Resolution: Failed
- Email Auth: No SPF/DMARC records
---
## Network Neighborhood Analysis
Subnet: 198.98.62.0/24
- Abuse Density: Clean (0)
- Subnet Classification: Clean
- Total Siblings: 2
- Threat Siblings: 0
Neighbor IP: 198.98.62.211
- Risk Score: 65
- Authority Score: 50
- Classification: Elevated risk within otherwise clean subnet
---
## Historical Observations
Total Observations: 47 signals
Observation Period: Recent monitoring window
Signal Timeline:
- 2026-06-28 19:14:45: High-severity blacklist listing detected (3 of 8 lists)
- 2026-06-27 17:58:20: Minimal risk score (0)
- 2026-06-27 10:31:01: Minimal risk score (0)
- 2026-06-27 03:19:59: Minimal risk score (0)
Trend Analysis: The IP demonstrates transient risk elevation, with recent high-severity listings followed by periods of minimal activity. No persistent malicious patterns detected.
---
## Network Relationships
Total Relationships: 173
Primary Association: PONYNET-06 (network)
- All 173 relationships classified as "Same Network"
- Indicates centralized infrastructure operation
---
## Recommended Security Actions
For Inbound Traffic
- Rate Limiting: Implement connection rate limiting for port 80
- Tor Traffic Blocking: Block traffic originating from known Tor exit node IP ranges
- DNSBL Check: Verify against current DNSBL lists before allowing connections
For Firewall Rules
```bash
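# iptables example: rate-limit new connections from this IP to port 80.
# The limit match counts packets, so it is applied to NEW connections only;
# packets of accepted connections are assumed to pass an ESTABLISHED,RELATED rule elsewhere in the ruleset.
iptables -A INPUT -s 198.98.62.158/32 -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 10/min -j ACCEPT
iptables -A INPUT -s 198.98.62.158/32 -p tcp --dport 80 -m conntrack --ctstate NEW -j DROP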
```
Monitoring Recommendations
- Monitor for connection spikes from this IP
- Track blacklist status changes
- Observe for emergence of additional open ports or services
---
## Risk Assessment
Overall Risk: MODERATE (55/100)
Key Risk Factors:
- Confirmed Tor exit node operation
- Multiple DNSBL listings
- No reverse DNS or email authentication
- Single-service HTTP configuration
Mitigating Factors:
- Not flagged as known attacker or spam source
- Stable BGP routing
- Clean neighborhood classification
- No persistent malicious campaigns detected
---
Intelligence Summary: This endpoint warrants monitoring but does not require immediate blocking. The Tor exit node classification presents legitimate abuse potential for C2 or spam operations. SOC teams should maintain awareness of activity patterns and implement appropriate rate limiting controls.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | FranTech Solutions |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | 198.98.48.0/20 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 26% | 2 | 3 |
| ownership | 19% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 12 | 20 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-22 13:35:39 UTC |
| Last Seen | 2026-06-28 19:14:50 UTC |
| Profile Built | 2026-06-29 07:19:24 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 49 |