198.98.57.141 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 198.98.57.141. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 45/100
Host and Network Information
- MITRE ATT&CK IDs: T1110 - Brute Force
- Tags: botnet, brute force, Bruteforce, Brute-Force, info, notice, port 23, RimbaSiber, scanners, ssh, SSH, tcp/23, telnet
- Country: United States
- Network:
- Noticed: 29 times
- Protocols Attacked: ssh
- Countries Attacked: Australia, Malaysia, United States of America
- Passive DNS Results: us.crove.cc
Open Ports Detected
CVEs Detected
CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728
Whois Information
- NetRange: 198.98.48.0 - 198.98.63.255
- CIDR: 198.98.48.0/20
- NetName: PONYNET-06
- NetHandle: NET-198-98-48-0-1
- Parent: NET198 (NET-198-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: FranTech Solutions (SYNDI-5)
- RegDate: 2012-07-05
- Updated: 2012-07-05
- Ref: https://rdap.arin.net/registry/ip/198.98.48.0
- OrgName: FranTech Solutions
- OrgId: SYNDI-5
- Address: 1621 Central Ave
- City: Cheyenne
- StateProv: WY
- PostalCode: 82001
- Country: US
- RegDate: 2010-07-21
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/SYNDI-5
- OrgAbuseHandle: FDI19-ARIN
- OrgAbuseName: Dias, Francisco
- OrgAbusePhone: +1-778-977-8246
- OrgAbuseEmail: admin@frantech.ca
- OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- OrgTechHandle: FDI19-ARIN
- OrgTechName: Dias, Francisco
- OrgTechPhone: +1-778-977-8246
- OrgTechEmail: admin@frantech.ca
- OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
Links to attack logs
- digitaloceanlondon-ssh-bruteforce-ip-list-2025-09-22
- vultrparis-ssh-bruteforce-ip-list-2025-09-22