130.185.96.113

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 130.185.96.113/32

Classification: High Risk

Date: 2026-06-22

Analyst: IPDebrief Intelligence Team

---

## EXECUTIVE SUMMARY

IP 130.185.96.113 presents an elevated threat profile with a risk score of 80/100. The address is associated with Pelephone Communications Ltd. (ASN 16116) and appears in multiple threat feeds with DNSBL listings across 5 of 8 queried blacklists. The IP shows geolocation inconsistencies (reported in both Israel and Poland), and the /24 neighborhood exhibits moderate abuse density (0.5) with two neighboring IPs flagged as high-risk (130.185.96.126) and medium-risk (130.185.96.125).

---

## NETWORK PROFILE

Attribute	Value
Risk Score	80/100 (High Risk)
ASN	16116 - Pelephone Communications Ltd.
Country	IL (Israel)
Geolocation	31.05°N, 34.85°E (Jerusalem region)
Network Role	Firewalled / No Services
DNSBL Lists	5/8 (Listed)
Route Stability	False
DNSSEC	Valid

---

## THREAT INDICATORS

DNSBL Presence: IP listed on multiple blacklists including Alienvault OTX
Operator Score: 0.1304 (Minimal)
Threat Persistence: 0 days observed
Campaign Correlation: 0 correlated IPs identified
Tor Exit: No
Known Attacker: No
Spam Source: No

---

## OBSERVATION HISTORY

Signal monitoring identified 17 historical observations. Key findings:

2026-06-22: Recent operator classification updated to "Minimal"
2026-06-17: Listed on 8 blacklists with 5 high-severity entries
Geolocation Discrepancy: Alienvault OTX signal indicates Poland (52.2394, 21.0362) vs. primary geolocation of Israel
Subnet Abuse Density: 0.3333 classification

---

## NETWORK NEIGHBORHOOD ANALYSIS

Subnet: 130.185.96.113/24

Total Siblings: 3
Active Siblings: 1
Threat Siblings: 1
Abuse Density: 0.5 (Moderate-High)
Inherited Risk: 2

High-Risk Neighbors:

IP Address	Risk Score	Authority Score
130.185.96.125	55	50
130.185.96.126	80	50

---

## RELATIONSHIP MAPPING

17 relationship records identified, all mapped to same network designation "IL-PELEPHONE-20111024". No external entity correlations (organizations, hostnames, certificates) detected beyond network-level associations.

---

## RECOMMENDED ACTIONS

Priority: Critical

Risk Score: 80/100

Platform	Action
iptables	`iptables -A INPUT -s 130.185.96.113 -j DROP`
nftables	`nft add rule inet filter input ip saddr 130.185.96.113 drop`
nginx	`deny 130.185.96.113;`
pfSense	Block 130.185.96.113/32
Cloudflare WAF	Block with expression: `ip.src eq 130.185.96.113`
AWS WAF	Block CIDR: 130.185.96.113/32

Monitoring Recommendation: Increase logging verbosity and review all recent activity from this IP address due to elevated risk classification.

---

## ANALYST NOTES

1. The IP shows no active service ports but maintains DNS records pointing to a maverick.com.pl infrastructure

2. Geolocation validation flagged as inconsistent (IL vs PL reports)

3. Neighborhood risk suggests potential shared infrastructure abuse patterns

4. Route instability (false) may indicate routing anomalies or peering issues

---

*This briefing is based on IPDebrief intelligence data. Recommendations should be validated against internal threat intelligence before deployment.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇱 Israel
Region	—
City	—
Timezone	Asia/Jerusalem
Latitude	31.05
Longitude	34.85

🏢 Ownership & Registration

Organization	Pelephone Communications Ltd.
ASN	AS16116
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Hosted Domain	ip-130-185-96-113.ip.maverick.com.pl

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	2
routing	13%	1	1
services	8%	1	1
ownership	24%	2	3
reputation	17%	1	2
geolocation	19%	2	2
Overall	17%	9	11

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:39 UTC
Last Seen	2026-06-26 18:10:35 UTC
Profile Built	2026-06-22 13:41:09 UTC
Data Freshness	Live
Signal Types	16
Total Observations	17

🔍 16 signal types · 17 observations collected

This report is generated from 16+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

130.185.96.113📋 Copy