Moderate Risk
IP 198.55.98.249 is a moderate-risk address operating from Kprohost LLC's network in the United States that has been flagged for Email Spam activity, with 303 cumulative reports logged by automated honeypot sensors during September 2025, indicating a credible but narrowly focused threat profile.
The IP is registered to AS214940 under Kprohost LLC, a United States-based network operator. Analysis of available telemetry shows a total of 303 reports filed against this address, with all 20 of the most recent reports specifically categorizing the activity as Email Spam. Detection occurred exclusively through automated honeypot sensors, yielding a confidence score of 56% and an activity frequency rating of 0 out of 10. The September 2025 reporting window suggests this is a relatively recent emergence on threat intelligence feeds, though the low frequency rating indicates the activity is intermittent rather than sustained.
Email Spam represents one of the most prevalent threats in network abuse, involving the mass distribution of unsolicited messages that can carry phishing payloads, malware attachments, or fraudulent content. While a confidence score of 56% reflects some uncertainty in attribution, the concentration of honeypot reports focused solely on SMTP abuse patterns suggests this address is actively involved in sending spam or testing spam delivery infrastructure rather than conducting broader network intrusion attempts. The activity poses a concrete risk to any exposed mail servers that might relay or receive from this source.
Network administrators should implement SPF, DKIM, and DMARC email authentication protocols to validate incoming mail and prevent spoofing. Deploying reputation-based email filtering services will automatically flag or block messages originating from addresses with poor IP reputations. Blocking SMTP connections from this address at the perimeter firewall provides a straightforward mitigation. Additionally, monitoring logs for any SMTP connection attempts matching the patterns observed by honeypot sensors can help refine site-specific blocking rules using tools like fail2ban.
UA 
RO 
LU 
PA 
VN