IP Threat Intelligence Briefing: 194.31.220.231
Risk Profile
- Risk Score: 80 (High Risk)
- Ownership: Registered to Hassan Ahmed (ASN 201749, RIPE)
- Geolocation: Baghdad, Iraq (33.34°N, 44.4°E)
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP banners)
- Control Plane: BGP prefix 194.31.220.0/24, DNSSEC valid, 6 DNSBL listings
Threat Indicators
- No direct malware, phishing, or attack indicators detected.
- Subnet abuse density: 0.5 (moderate risk), with 2 out of 4 sibling IPs flagged as threats.
- ICMP validation failed ("ICMP blocked - unable to validate"): the host drops echo requests. This is consistent with the firewalled, no-open-ports profile and indicates inbound network filtering (or deliberate evasion of probes); by itself it is a reachability limitation, not a threat indicator.
Observation History
- 15 observations over 30 days:
  - 30% confidence in network classification (non-residential, non-cloud).
  - 50% confidence in geolocation (3675.7 km from probe, plausible).
  - No persistent malicious activity or campaign associations.
Relationships
- Linked to 11 network entities, all of them repeated "IQ-SUPERCELL1-20191120" entries, so this reflects one related network object recorded several times rather than 11 distinct relationships.
- No direct connections to known organizations, domains, or certificates.
Neighborhood Analysis
- 194.31.220.0/24 (the subnet containing 194.31.220.231):
  - 3 active sibling IPs (2 high-risk, 1 medium-risk).
  - Abuse density: 0.5 (moderate).
  - No immediate lateral movement or shared malicious activity detected.
Recommendations
1. Monitor subnet for emerging threats due to moderate abuse density.
2. Investigate Hassan Ahmed's ASN (201749) for potential abuse patterns.
3. Validate geolocation with alternative probes, as ICMP is blocked.
4. Consider blocking the high-risk neighbors (194.31.220.228-230) if traffic anomalies persist; block those addresses individually rather than the whole /24, since the subject host itself shows no direct malicious indicators.
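To make the abuse-density figure and recommendation 4 concrete, here is an added Python example, not the dossier's own tooling. The sibling verdicts are constructed for illustration, the moderate/high thresholds are assumed (the briefing only tells us that 0.5 is reported as "moderate"), and the block list is collapsed into the fewest CIDRs that cover the flagged neighbours without touching 194.31.220.231 or the whole /24:

```python
import ipaddress
from typing import Dict, List, Sequence

# Constructed verdicts for other hosts observed in 194.31.220.0/24.
# Illustrative values only, not the dossier's actual sibling data.
SIBLINGS: Dict[str, str] = {
    "194.31.220.228": "high",
    "194.31.220.229": "high",
    "194.31.220.230": "medium",
    "194.31.220.240": "clean",
}

SUBJECT = "194.31.220.231"
SUBNET = "194.31.220.0/24"


def abuse_density(siblings: Dict[str, str],
                  threat_levels: Sequence[str] = ("high",)) -> float:
    """Fraction of observed sibling IPs whose verdict counts as a threat.

    With the constructed data above this is 2 of 4 = 0.5, the same metric
    the briefing reports for the subnet.
    """
    if not siblings:
        return 0.0
    flagged = sum(1 for level in siblings.values() if level in threat_levels)
    return flagged / len(siblings)


def density_band(density: float) -> str:
    """Map a density to a label. Thresholds are assumed for this example."""
    if density >= 0.75:
        return "high"
    if density >= 0.25:
        return "moderate"
    return "low"


def block_ranges(siblings: Dict[str, str],
                 levels: Sequence[str] = ("high", "medium"),
                 subject: str = SUBJECT,
                 subnet: str = SUBNET) -> List[str]:
    """Collapse flagged neighbours into the smallest set of CIDR blocks
    for a firewall rule.

    The subject host is never included (it shows no direct indicators),
    and only addresses inside the stated subnet are considered, so the
    result can never widen into a block on the whole /24.
    """
    net = ipaddress.ip_network(subnet)
    subject_addr = ipaddress.ip_address(subject)
    flagged = sorted(
        ipaddress.ip_address(ip)
        for ip, level in siblings.items()
        if level in levels
        and ipaddress.ip_address(ip) in net
        and ipaddress.ip_address(ip) != subject_addr
    )
    # collapse_addresses merges adjacent /32s into the fewest covering networks,
    # e.g. .228/32 + .229/32 -> .228/31, while .230/32 stays alone because
    # .231 (the subject) is deliberately absent.
    blocks = ipaddress.collapse_addresses(
        ipaddress.ip_network(str(addr)) for addr in flagged
    )
    return [str(block) for block in blocks]


if __name__ == "__main__":
    d = abuse_density(SIBLINGS)
    print(f"abuse density {d:.2f} ({density_band(d)})")
    print("candidate block list:", block_ranges(SIBLINGS))
```

Feeding the output of `block_ranges` to a firewall rule set keeps the rule list short and auditable; re-run it whenever the sibling verdicts change, rather than hand-editing ranges.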
Conclusion
This IP's high risk score is driven by its subnet's abuse density and its DNSBL listings rather than by anything observed from the host itself, which is firewalled, exposes no services, and shows no direct malicious activity. Continued monitoring of the subnet and the owner's network is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Hassan Ahmed |
| ASN | AS201749 |
| Network Name | n/a |
| CIDR Block | 194.31.220.0/24 |
| RIR | RIPE |
| Country | n/a |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | Not applicable: with no PTR record there is no hostname to resolve back to this IP, so forward confirmation cannot be performed (missing reverse DNS is itself only a weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verifiable (no PTR record) |
| DNSSEC | Valid |
| CAA | Not configured |
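The PTR, FCrDNS and DNSBL checks behind the rows above (and the 6 DNSBL listings in the risk profile) are all variations on one lookup: the address written octet-reversed under a zone suffix. The following Python is an added example, not code from the dossier or its provider. It uses a constructed in-memory resolver (the 10.0.0.x hosts and the *.example zones are made up) so it runs offline, and it shows why a host with no PTR should be reported as "nothing to confirm" rather than as a failed forward confirmation, and why a DNSBL error code must not be counted as a listing:

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

Resolver = Callable[[str, str], List[str]]

# Constructed answers standing in for a live resolver so the example runs
# offline. None of these are real lookups; the 10.0.0.x hosts and the
# *.example zones are invented for illustration.
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    # Host whose PTR forward-confirms (PTR -> name -> A -> same IP).
    ("5.0.0.10.in-addr.arpa.", "PTR"): ["mail.example.net."],
    ("mail.example.net.", "A"): ["10.0.0.5"],
    # Host whose PTR names something that resolves elsewhere: not confirmed.
    ("20.0.0.10.in-addr.arpa.", "PTR"): ["host.example.org."],
    ("host.example.org.", "A"): ["10.0.0.99"],
    # DNSBL answers: a listing is a 127.0.0.x A record under the list zone.
    ("5.0.0.10.dnsbl-a.example.", "A"): ["127.0.0.2"],
    ("20.0.0.10.dnsbl-a.example.", "A"): ["127.0.0.4"],
    ("20.0.0.10.dnsbl-b.example.", "A"): ["127.0.0.2"],
    # Error-style answer (127.255.255.x, as Spamhaus uses), not a listing.
    ("20.0.0.10.dnsbl-c.example.", "A"): ["127.255.255.254"],
}


def fake_resolve(qname: str, qtype: str) -> List[str]:
    """Offline stand-in for a DNS lookup; returns [] for NXDOMAIN."""
    return FAKE_ZONE.get((qname, qtype), [])


def reverse_name(ip: str, suffix: str = "in-addr.arpa.") -> str:
    """Octet-reversed form of an IPv4 address under a zone suffix.

    The same construction serves PTR lookups (in-addr.arpa.) and DNSBL
    queries (the reversed IP under the list's own zone).
    """
    addr = ipaddress.IPv4Address(ip)  # raises on anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + suffix


def fcrdns(ip: str, resolve: Resolver = fake_resolve) -> Tuple[str, Optional[str]]:
    """Forward-confirmed reverse DNS.

    Returns (status, ptr) with status one of:
      'no-ptr'         no PTR record, so there is nothing to confirm
      'confirmed'      some PTR name has an A record equal to ip
      'not-confirmed'  PTR exists but no name resolves back to ip
    Reporting 'no-ptr' as a failed confirmation is the mistake to avoid.
    """
    ptrs = resolve(reverse_name(ip), "PTR")
    if not ptrs:
        return "no-ptr", None
    for name in ptrs:
        if ip in resolve(name, "A"):
            return "confirmed", name
    return "not-confirmed", ptrs[0]


def dnsbl_listings(ip: str, zones: List[str],
                   resolve: Resolver = fake_resolve) -> Dict[str, str]:
    """Map each zone that lists ip to the return code it answered with.

    Listing codes are 127.0.0.x and their meaning is defined per zone.
    Answers in 127.255.255.0/24 are treated as query errors (the convention
    Spamhaus uses) and are not counted as listings.
    """
    error_range = ipaddress.ip_network("127.255.255.0/24")
    hits: Dict[str, str] = {}
    for zone in zones:
        for answer in resolve(reverse_name(ip, zone), "A"):
            code = ipaddress.ip_address(answer)
            if code in error_range or not str(code).startswith("127."):
                continue  # error or bogus answer, not a listing
            hits[zone] = answer
            break
    return hits


if __name__ == "__main__":
    zones = ["dnsbl-a.example.", "dnsbl-b.example.", "dnsbl-c.example."]
    for host in ("194.31.220.231", "10.0.0.5", "10.0.0.20"):
        print(host, fcrdns(host), dnsbl_listings(host, zones))
```

To run this against real DNS, replace `fake_resolve` with a function that wraps your resolver library and returns the rdata strings for a (name, type) pair; the rest of the logic is unchanged. Count listings across zones as the dossier does, but keep the per-zone code, since the meaning of 127.0.0.x differs from list to list.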
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
Because the host also drops ICMP, the data here does not distinguish ports that are closed from ports that are silently filtered; either way, nothing is reachable on the seven ports probed.
TLS Certificate
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction |
| Attribution | Low (35%) |
| Validation Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:05 UTC |
| Last Seen | 2026-06-26 18:11:00 UTC |
| Profile Built | 2026-06-23 03:38:56 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |
Full dossier details are available via our API.