35.130.111.98

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 35.130.111.98/32

Classification: HIGH RISK

Date: 2026-06-18

Analyst: IPDebrief SOC Intelligence Team

## Executive Summary

IP address 35.130.111.98 presents an elevated security concern with an overall risk score of 80/100. The address is associated with COUNTRY INN AND SUITES (ASN 20115) and resolves to cloud infrastructure hosting services. While the immediate threat indicators show no active campaigns or known attacker signatures, the IP exhibits characteristics consistent with malicious infrastructure, including multiple DNSBL listings and high-risk neighborhood correlation.

## Ownership and Network Context

Organization: COUNTRY INN AND SUITES
ASN: 20115 (COUNTRY-INN-AND-SUITES)
CIDR Block: 35.130.111.96/29
RIR: ARIN
Geolocation: United States, Tennessee (Pigeon Forge)
Network Role: Cloud infrastructure with CDN/hosting characteristics

## Risk Assessment

Metric	Value
Risk Score	80/100
Provider Score	0
Authority Score	0
DNSBL Listings	6/8 total
Reputation	High Risk
Stability	Null

## Technical Profile

DNS Resolution:

PTR Hostname: syn-035-130-111-098.biz.spectrum.com
Forward Resolution: Confirmed
Email Authentication: SPF and DMARC records present

Service Exposure:

Open Ports: None detected
TLS Certificate: None
HTTP Banner: None
Status: Firewalled / No Services

Control Plane:

BGP Prefix: 35.130.96.0/20
Route Stability: False (not stable)
DNSSEC: Valid
RPKI State: Not available

## Threat Intelligence

Active Threat Indicators:

Known Campaigns: None
Blacklist Count: 0
Is Tor Exit: False
Is Known Attacker: False
Is Spam Source: False

Abnormalities:

Operator Score: 0.2609 (Basic)
DNSBL Listed: Yes (6 listings)
Control Plane Anomaly: Route stability issues detected

## Neighborhood Analysis (35.130.111.0/24)

Subnet Abuse Density: 1 (elevated)
Classification: Mostly clean
Total Siblings: 2
Active Siblings: 0
Threat Siblings: 2
Inherited Risk: 5

Notable Neighbor: 35.130.111.146 (Risk Score: 80)

## Historical Observations

17 total observations recorded. Recent signals indicate:

Subnet abuse density consistently reported at 1
Ownership changes: 0 (stable ownership)
Threat persistence days: 0 (no persistent malicious activity detected)
Threat observation count: 1 (isolated events)
Is Persistently Malicious: False

Geolocation signals show US placement with 2500 km accuracy radius, though geo-plausibility validation failed.

## Recommended Actions

Immediate Mitigation

Firewall Rules:

```bash

# iptables

iptables -A INPUT -s 35.130.111.98 -j DROP

# nftables

nft add rule inet filter input ip saddr 35.130.111.98 drop

# nginx

deny 35.130.111.98;

```

Monitoring Recommendations

1. Increase logging verbosity for traffic from this IP address

2. Review recent activity for potential malicious behavior

3. Monitor subnet 35.130.111.0/24 for correlated activity with neighbor 35.130.111.146

WAF/CDN Configuration

Cloudflare WAF:

```json

{

"description": "Block 35.130.111.98 — IPDebrief risk score 80",

"action": "block",

"filter": {"expression": "ip.src eq 35.130.111.98"}

}

```

AWS WAF:

Addresses: 35.130.111.98/32
Description: IPDebrief risk 80

## Intelligence Narrative

The IP address 35.130.111.98 appears in a cloud infrastructure environment associated with COUNTRY INN AND SUITES hosting. While the IP itself shows no direct evidence of active exploitation campaigns or known attacker signatures, the combination of DNSBL listings, route instability, and association with high-risk neighbors suggests this address may be utilized for opportunistic malicious activity.

The lack of open services indicates the IP is either properly configured with strict egress filtering, or represents infrastructure that has been taken down or is in a decommissioned state. The neighborhood analysis reveals two threat-sibling IPs within the /24, suggesting this subnet may be targeted for abuse or is being shared among multiple entities.

Priority: Medium-High

Action Required: Block at perimeter, monitor for traffic patterns, review subnet-level correlation.

---

*This briefing is based on IPDebrief intelligence platform data. All recommendations should be validated against additional threat intelligence sources before implementation.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	TN
City	Pigeon Forge
Timezone	—
Latitude	35.79
Longitude	-83.57

🏢 Ownership & Registration

Organization	COUNTRY INN AND SUITES
ASN	AS20115
Network Name	COUNTRY-INN-AND-SUITES
CIDR Block	35.130.111.96/29
RIR	ARIN
Country	United States
Abuse Contact	—

🌐 DNS Intelligence

PTR	syn-035-130-111-098.biz.spectrum.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`syn-035-130-111-098.biz.spectrum.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Multi-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
22	ssh	tcp	SSH-2.0-ROSSSH
Closed Ports	25, 443, 3389, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-ROSSSH

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	32%	2	3
routing	8%	1	1
services	8%	1	1
ownership	21%	2	2
reputation	28%	1	3
geolocation	21%	2	2
Overall	20%	9	12

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:16 UTC
Last Seen	2026-06-26 18:11:14 UTC
Profile Built	2026-06-26 11:09:54 UTC
Data Freshness	Live
Signal Types	20
Total Observations	21

🔍 20 signal types · 21 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

35.130.111.98📋 Copy