130.61.190.249
# IP INTELLIGENCE BRIEFING
Target: 130.61.190.249/32
Classification: Oracle Cloud Infrastructure
Risk Level: Moderate (Score: 50)
Date: Current
---
## EXECUTIVE SUMMARY
IP 130.61.190.249 is an Oracle Cloud Compute resource with a moderate risk profile (50/100). The IP is not classified as a known attacker, spam source, or Tor exit node. While no active threat indicators are currently present, the IP appears on 2 of 8 DNSBL listings with high-severity classifications. The subnet (130.61.190.0/24) shows low abuse density with no active threat siblings in the immediate neighborhood.
---
## TECHNICAL PROFILE
Ownership & Infrastructure:
- ASN: 31898 (Oracle Public Cloud)
- Organization: Oracle Cloud
- BGP Prefix: 130.61.128.0/17
- Infrastructure Type: CloudCompute
- Network Classification: Firewalled / No Services Detected
Geolocation:
- Reported Location: United States
- Coordinates: 39.83°N, -98.58°W (Kansas region)
- RTT Analysis: 103-106ms average, 2,958km minimum distance
- Note: Geolocation data shows consensus across multiple sources
Network Services:
- Open Ports: None detected (firewalled)
- TLS Certificates: Not applicable
- HTTP Services: No active services
- DNS Records: No PTR hostnames, no forward resolution
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| Known Attacker | Negative |
| Tor Exit Node | Negative |
| Spam Source | Negative |
| Blacklist Count | 2 of 8 lists |
| DNSBL Listings | 2 (high severity) |
| Campaign Correlation | None |
Threat Feeds: No active threat feed matches
---
## OBSERVATION HISTORY
Total Observations: 18
Recent Activity:
- 2026-06-17: Operator score recorded at 0.1304 (Minimal), DNSBL listings detected with high severity
- 2026-06-13: Cloud infrastructure classification confirmed; geolocation signals received
Temporal Analysis:
- Ownership changes: 0
- Threat persistence days: 0
- Not persistently malicious
- Threat observation count: 1
---
## NETWORK RELATIONSHIPS
Same Network Relationships: 20 relationships to Oracle Cloud network "OOC-195"
Neighbor Subnet Analysis:
- Subnet: 130.61.190.0/24
- Abuse Density: 1 (low)
- Classification: mostly_clean
- Active Threat Siblings: 0
---
## SECURITY RECOMMENDATIONS
Current Risk Assessment: Moderate
Recommended Action: Monitor or block based on operational requirements
Firewall Rules Available:
- iptables: `iptables -A INPUT -s 130.61.190.249 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 130.61.190.249 drop`
- nginx: `deny 130.61.190.249;`
- pfSense: `130.61.190.249/32`
- Cloudflare WAF: Block with expression `ip.src eq 130.61.190.249`
- AWS WAF: Addresses `130.61.190.249/32`
---
## ANALYST NOTES
1. Cloud Infrastructure Context: This IP belongs to Oracle Cloud's public cloud infrastructure. Cloud IP addresses inherently present higher false-positive risks due to legitimate traffic patterns.
2. DNSBL Listings: The presence on 2 DNSBLs with high-severity classification warrants investigation if traffic from this IP is observed. These may relate to outbound connections rather than inbound attacks.
3. Route Stability: BGP routing shows instability (isRouteStable: false), which is common in cloud environments but worth monitoring for anomalous behavior.
4. No Active Services: The IP is firewalled with no open ports or services detected, reducing its potential as an attack vector.
5. Subnet Context: The /24 neighborhood shows minimal abuse density, suggesting this IP is operating in a relatively clean segment of Oracle Cloud's infrastructure.
---
Disclaimer: This intelligence is based on available data from IPDebrief's threat intelligence platform. Actions should be combined with other security signals before implementation.
Source: IPDebrief Intelligence Platform
Status: Current / Active Monitoring Recommended
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Oracle Public Cloud |
| ASN | AS31898 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 24% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:03:39 UTC |
| Last Seen | 2026-06-26 22:14:54 UTC |
| Profile Built | 2026-06-27 18:27:55 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |
Full dossier details are available via our API.