180.94.75.102
IP Intelligence Briefing: 180.94.75.102
Date: 2026-06-17
---
**1. Risk Profile**
- Risk Score: 80 (High Risk)
- Ownership: Registered to Muhammad Aslam (ASN 55330, APNIC).
- Geolocation: Afghanistan (Herat city, 34.35°N, 62.2°E).
- Threat Indicators: No active malware campaigns, spam, or known attacker associations.
- Network Role: Web server with open ports 80 (HTTP), 443 (HTTPS), and 22 (SSH). Server banner: `lighttpd/1.4.39`.
---
**2. Network & Security Context**
- Control Plane:
- BGP prefix: `180.94.75.0/24` (ASN 55330).
- DNSSEC and CAA records validated.
- DNSBL Listings: 6 out of 8 DNSBL lists.
- Subnet Abuse:
- Abuse Density: 71.4% (high-risk neighbors: 5/7).
- High-risk neighbors include IPs with scores โฅ80 (e.g., 180.94.75.42, 180.94.75.110).
- Subnet classification: Mixed (combination of high-risk and low-risk IPs).
---
**3. Historical Observations (Last 30 Days)**
- Recent Activity:
- TLS scan on 2026-06-02 (ports 80, 443, 22).
- Connection failure reported on 2026-06-16 (potential misconfiguration or blocking).
- No persistent malicious activity detected.
---
**4. Relationships & Neighbors**
- Network Relationships:
- Linked to GCN-DCN networks (likely a typo or internal network identifier).
- Neighbor IPs:
- High-risk siblings: 180.94.75.42, 180.94.75.110, 180.94.75.114, 180.94.75.122, 180.94.75.202.
- Low-risk siblings: 180.94.75.90.
---
**5. Recommendations**
1. Monitor Subnet: High abuse density in `180.94.75.0/24` suggests potential for lateral movement or compromised hosts.
2. Firewall Rules: Block high-risk neighbors (e.g., 180.94.75.42, 180.94.75.110) using IPDebrief-generated rules for iptables/nftables.
3. DNS & TLS: Investigate DNSBL listings and validate TLS configurations for open ports.
4. Geolocation Verification: Confirm if Herat, Afghanistan, is a legitimate host location or a spoofed geolocation.
---
End of Briefing
*Generated via IPDebrief threat intelligence platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Muhammad Aslam |
| ASN | AS55330 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | โ |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 4 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 21% | 9 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:03:58 UTC |
| Last Seen | 2026-06-26 02:15:04 UTC |
| Profile Built | 2026-06-26 05:47:06 UTC |
| Data Freshness | Fresh |
| Signal Types | 21 |
| Total Observations | 22 |
Full dossier details are available via our API.