# IP Intelligence Briefing: 198.98.56.118/32
## Executive Summary
IP address 198.98.56.118 is a colocation hosting IP owned by FranTech Solutions (AS53667) located in New York, NY. The IP demonstrates a low-risk profile with no active threat indicators, though it is associated with a subnet containing multiple medium-to-high risk sibling IPs. The IP is firewalled with no open services, reducing immediate exploitation vectors.
## Network Profile
- Organization: FranTech Solutions (BuyVM)
- ASN: 53667 (Frantech/BuyVM)
- Location: New York, NY, United States
- Infrastructure Type: Colocation Hosting
- Network Role: Hosting provider with firewall protections
- Geolocation Confidence: Valid (geoPlausible: true)
## Threat Assessment
- Current Risk Score: 0 (Low Risk)
- Provider/Authority Scores: 0 (neutral)
- Blacklist Status: Currently listed on 8 threat lists with high severity indicators observed in recent monitoring
- Known Campaigns: None detected
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
- Abuse Confidence Score: Not available
## Behavioral Indicators
- Service Status: Firewalled with no open ports or active services
- TLS/HTTP: No certificates, no HTTP title, no TLS configuration
- DNS: No PTR records, no forward resolution, 0 hosted domains
- Email Reputation: No email authentication records (SPF/DMARC)
## Neighborhood Analysis (198.98.56.0/24)
- Abuse Density: 0.5 (moderate)
- Total Siblings: 4
- Active Siblings: 2
- Threat Siblings: 2
- Risk Distribution: 0 high-risk, 2 medium-risk, 1 low-risk
Sibling IPs:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 198.98.56.205 | 65 | 60 |
| 198.98.56.215 | 25 | 50 |
| 198.98.56.227 | 65 | 50 |
## Relationship Graph
The IP maintains 15 network-level relationships, all associated with "PONYNET-06," indicating consistent placement within the Frantech network infrastructure.
## Observation History (18 records)
Recent signal observations indicate:
- June 20, 2026: Listed on 8 blacklists with maximum severity "high" (confidence: 0.85)
- June 9, 2026: Previously listed on 8 blacklists but with zero actual listings (confidence: 0.50)
- DNSSEC: Validated on June 20, 2026 (was invalid on June 9)
- Subnet Classification: Consistently classified as "mostly_clean" with 50% abuse density
## Control Plane Data
- BGP Prefix: 198.98.48.0/20
- Route Stability: Unstable (route changes observed)
- RPKI State: Not validated
- DNSSEC Validation: Invalid
## Recommended Security Actions
Based on the IP's risk profile and neighborhood context, the following actions are recommended:
1. Traffic Analysis: Monitor for connection attempts to this IP, particularly from external networks
2. Blocklist Verification: The IP shows recent high-severity blacklist listings; verify current status before blocking
3. Network Segmentation: Consider isolating this /24 subnet due to the presence of 2 high-risk sibling IPs
4. Geographic Filtering: Evaluate if New York-based hosting requires additional scrutiny based on threat intelligence
5. Log Monitoring: Monitor for any service enumeration attempts or connection anomalies
## Threat Intelligence Narrative
IP 198.98.56.118 operates as a firewalled colocation host with minimal direct threat indicators. However, the subnet environment contains multiple medium-to-high risk sibling IPs (198.98.56.205 and 198.98.56.227 both showing risk score 65). Recent blacklist activity with high severity ratings suggests potential reputation issues, though the current IP remains service-protected. The network infrastructure shows route instability and minimal operator validation, warranting enhanced monitoring. SOC teams should treat inbound connections cautiously while prioritizing investigation of the high-risk sibling IPs within the same subnet.
---
*Report generated: [Current Date]*
*Data Source: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | FranTech Solutions |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 45% | 2 | 5 |
| routing | 8% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 26% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-21 14:57:02 UTC |
| Last Seen | 2026-06-28 14:02:37 UTC |
| Profile Built | 2026-06-29 02:07:55 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 23 |