198.98.56.227 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 198.98.56.227 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 45/100
Host and Network Information
- MITRE ATT&CK IDs: T1110 - Brute Force
- Tags: 01.10.2025, 2025, 5060, Apache, block list, brute force, Bruteforce, Brute Force, Brute-Force, china mobile, cisco, columns, company limited, cowrie, hk abusehandler, HoneyNet Connect, honeytrap, hong kong, hurricane us, info, LAMP, Mail, malicious, Mod Security, network, notice, nxdomain, pgp sign, RimbaSiber, scanners, sftp, ssh, SSH, timeout, unknown, us none, Web, wordpress
- Country: United States
- Network:
- Noticed: 34 times
- Protocols Attacked: ssh
- Countries Attacked: Australia, Finland, France, Germany, Indonesia, Malaysia, Poland, Sweden, United States of America
- Passive DNS Results: m2.destiny-wow.com
Open Ports Detected
CVEs Detected
CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728
Whois Information
- NetRange: 198.98.48.0 - 198.98.63.255
- CIDR: 198.98.48.0/20
- NetName: PONYNET-06
- NetHandle: NET-198-98-48-0-1
- Parent: NET198 (NET-198-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: FranTech Solutions (SYNDI-5)
- RegDate: 2012-07-05
- Updated: 2012-07-05
- Ref: https://rdap.arin.net/registry/ip/198.98.48.0
- OrgName: FranTech Solutions
- OrgId: SYNDI-5
- Address: 1621 Central Ave
- City: Cheyenne
- StateProv: WY
- PostalCode: 82001
- Country: US
- RegDate: 2010-07-21
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/SYNDI-5
- OrgAbuseHandle: FDI19-ARIN
- OrgAbuseName: Dias, Francisco
- OrgAbusePhone: +1-702-728-8933
- OrgAbuseEmail: admin@frantech.ca
- OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- OrgTechHandle: FDI19-ARIN
- OrgTechName: Dias, Francisco
- OrgTechPhone: +1-702-728-8933
- OrgTechEmail: admin@frantech.ca
- OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
Links to attack logs
digitaloceanlondon-ssh-bruteforce-ip-list-2025-11-11