Is IP address 203.228.30.198 dangerous?

Yes, 203.228.30.198 is considered dangerous with a threat level of 10/10. It has been reported 368 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 203.228.30.198?

IP address 203.228.30.198 is operated by Korea Telecom (ASN 4766) and is geolocated to KR. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 203.228.30.198?

Yes, blocking 203.228.30.198 is strongly recommended. With a threat level of 10/10 and 368 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 203.228.30.198?

Our threat assessment for 203.228.30.198 has a confidence score of 80%, based on 368 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

203.228.30.198

IPv4 Public

AS4766

Korea Telecom

368 Reports

KR Location

Korea Telecom ASN 4766

368 Reports

Honeypot Data Source

Critical Alert

IP 203.228.30.198, registered to Korea Telecom's network in South Korea, presents a severe threat level of 10/10 based on 358 abuse reports logged between September 2025 and June 2026. This address has been flagged across 20 automated honeypot sensors with an activity frequency rated at 6 out of 10, indicating sustained and persistent malicious behaviour over an extended nine-month period.

The overwhelming majority of detections centre on SSH brute-force attack activity, which accounts for the vast proportion of the 358 total reports. Sensor logs document repeated fail2ban triggers against sshd services, with violation counts ranging from 25 to 37 per incident, alongside Suricata alerts noting active SSH sessions established on expected default ports. The presence of exploited-host and general hacking categories alongside the dominant SSH pattern suggests this address may be operating compromised infrastructure being leveraged as an automated attack platform, rather than a single attacker manually conducting probes.

SSH brute-force attacks pose a concrete and immediate risk to any exposed server listening on port 22 or commonly used alternative ports. Attackers systematically attempt credential combinations against these endpoints, and successful authentication grants full shell access to the underlying system. Once compromised, servers can be weaponised for further intrusion campaigns, data exfiltration, cryptomining, or inclusion in botnets, creating cascading risk across interconnected infrastructure. The sustained frequency of activity from 203.228.30.198 indicates it is almost certainly part of an automated scanning and exploitation campaign rather than opportunistic probing.

Operators should block 203.228.30.198 at the firewall level and implement fail2ban to automatically ban repeated SSH authentication failures. Enforcing key-based authentication exclusively, disabling root login, and moving SSH to a non-standard port significantly reduces exposure. Keeping systems patched and monitoring for unusual SSH session activity on expected ports will further harden defences against this class of threat.

More threatening than 95% of monitored IPs

Threat Categories

SSH 28

Hacking 7

Exploited Host 2

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 2 weeks indicates persistent threat actor operations.

First Observed 21. May 2026

Last Activity 8. June 2026

Recent (7 days) 0 incidents

Moderate Network Risk

The network hosting this IP (ASN 4766, operated by Korea Telecom) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Long-term blocking recommended.

Reputation Summary

Threat Level 10/10 Critical

Critical

Activity Frequency 8/10 High

Confidence Score 79% Verified

Confidence History

23. Apr 2026 - 8. Jun 2026

80% Current

Stable Trend

Date	Categories	Source	Confidence
8. Jun 2026	SSH	Honeypot	75%
8. Jun 2026	SSH	Honeypot	75%
7. Jun 2026	SSH	Honeypot	75%
5. Jun 2026	Hacking SSH	Honeypot x2	75%
5. Jun 2026	Hacking SSH	Honeypot x2	75%
5. Jun 2026	SSH Hacking	Honeypot x2	75%
5. Jun 2026	SSH Hacking	Honeypot x2	75%
5. Jun 2026	Exploited Host	Honeypot	75%
5. Jun 2026	Hacking SSH	Honeypot x2	75%
2. Jun 2026	SSH	Honeypot	75%
1. Jun 2026	SSH	Honeypot	75%
30. May 2026	SSH	Honeypot	75%
29. May 2026	SSH	Honeypot	75%
29. May 2026	SSH	Honeypot	75%
28. May 2026	SSH Hacking	Honeypot x2	75%
28. May 2026	Exploited Host	Honeypot	75%
28. May 2026	Hacking SSH	Honeypot x2	75%
27. May 2026	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot	75%
25. May 2026	SSH	Honeypot	75%
21. May 2026	SSH	Honeypot	75%
9. May 2026	SSH	Honeypot	75%
9. May 2026	SSH	Honeypot	75%
8. May 2026	SSH	Honeypot	75%
8. May 2026	SSH	Honeypot	75%
7. May 2026	SSH	Honeypot	75%
6. May 2026	SSH	Honeypot	75%
4. May 2026	SSH	Honeypot	75%
1. May 2026	SSH	Honeypot	75%
23. Apr 2026	SSH	Honeypot	75%

Basic Information

IP Address: 203.228.30.198
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class C

Geolocation

Country: KR
ASN: AS4766
ISP: Korea Telecom

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 368
First Reported: 12 Sep 2025
Last Reported: 8 Jun 2026, 05:59

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS4766

Organization: Korea Telecom

Country:

Network Threat Assessment

5/10

This network has low threat indicators with minimal suspicious activity.

Network Statistics

930

Total IPs Monitored

17,918

Total Reports

19.3

Reports per IP

Network Context

This IP address belongs to Korea Telecom (AS4766), which manages 930 IP addresses in our monitoring system. Out of these, 17,918 have been reported for suspicious activities, resulting in a network-wide threat level of 5/10.

Network notice: This network shows some suspicious activity patterns. Monitor interactions with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

95 %

Global Threat Ranking

This IP is more threatening than 95% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 220,048 reported IPs worldwide

Threat Level 10/10 avg: 5.5 ++

Total Reports 368 avg: 22 ++

Network Comparison

Compared against 1,090 IPs in ASN 4766

Threat Level 10/10 network avg: 5.2 ++

Total Reports 368 network avg: 18 ++

Network Korea Telecom has overall threat level 5/10

Geographic Comparison

Compared against 2,483 IPs in KR

Threat Level 10/10 country avg: 5.5 ++

Total Reports 368 country avg: 18 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 5 Jun 2026 6 reports

Daily Average 0.7 reports/day

Most Active Friday 252 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

Hacking 254

SSH 121

Exploited Host 3

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 06:00 with 134 reports

Weekly Activity

Geographic Threat Distribution

206,192 threat incidents tracked globally • Last 24h: 17,575 Logs

FEED

Top Threat Sources

01

United States US

42,552 20.6%
02

India IN

33,078 16%
03

China CN

27,693 13.4%
04

Brazil BR

11,123 5.4%
05

Germany DE

7,851 3.8%
06

Singapore SG

6,834 3.3%
07

Indonesia ID

6,133 3%
08

Pakistan PK

5,417 2.6%
09

Russia RU

5,221 2.5%
10

Netherlands NL

4,725 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

9.6/10 Avg Threat

99% Avg Confidence

20 High Threat

High-risk network: Majority of related IPs are flagged

Critical Alert

Threat Categories

Technical Details

Recommended Mitigations

Behavioral Analysis

Moderate Network Risk

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]