IP Intelligence Briefing: 45.154.98.199
Date: 2026-06-18
---
**1. Risk Profile**
- Overall Risk Score: 25 (Low Risk)
- Threat Indicators: No malicious activity detected (no indicators, blacklists, or campaigns).
- Network Role: Single-service host (SSH on port 22).
- Geolocation: Netherlands (NL), Flevoland, Lelystad (latitude: 51.37, longitude: 4.91).
- ASN: 210558 (lir-de-1337services-1-MNT, ARIN).
---
**2. Network & DNS**
- DNS:
  - PTR hostname: `45.154.98.199.powered.by.rdp.sh`
  - Linked to domain `rdp.sh` (likely a remote desktop service).
- Subnet: `45.154.98.199/24`
  - Abuse Density: 40.91% (mixed risk).
  - Active Neighbors: 6 (23 total in subnet).
  - High-Risk Neighbors: 2 IPs (scores 59, 50).
- Services:
  - Open port: SSH (port 22, banner: `SSH-2.0-OpenSSH_9.0p1`).
  - No TLS certificates or HTTP services detected.
---
**3. Threat & Observation History**
- Recent Observations (Last 30 Days):
  - Minimal risk signals (operator score: 0.13).
  - No persistent malicious activity (threat persistence: 0 days).
  - DNSSEC valid, no DNSBL listings.
- Historical Trends:
  - Stable risk profile; no significant changes noted.
---
**4. Relationships & Context**
- DNS Associations:
  - Directly linked to `rdp.sh` (potential VPS or remote desktop service).
- Network Peers:
  - Shares subnet with 23 IPs, including 9 flagged as high-risk.
  - Same network peers include `DE-1337SERVICES-20211028` (likely a larger infrastructure).
---
**5. Recommendations**
- Monitoring:
  - Track subnet neighbors with elevated risk scores (e.g., 45.154.98.153, 45.154.98.160).
  - Monitor DNS activity for `rdp.sh` for potential service disruptions.
- Firewall:
  - Allow SSH (port 22) if legitimate, but restrict other ports unless required.
- Investigation:
  - Verify if the SSH service is authorized; confirm ownership of the `rdp.sh` domain.
Conclusion: This IP is a low-risk server hosting SSH, likely a VPS or dedicated host. While no direct threats are detected, the subnet contains mixed-risk peers, warranting continued monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | lir-de-1337services-1-MNT |
| ASN | AS210558 |
| Network Name | - |
| CIDR Block | 45.154.98.0/24 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 45.154.98.199.powered.by.rdp.sh |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 45.154.98.199.powered.by.rdp.sh |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.2 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 29% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 25% | 12 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:21 UTC |
| Last Seen | 2026-06-23 13:24:28 UTC |
| Profile Built | 2026-06-23 14:02:49 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |