45.91.20.90
IP Intelligence Briefing: 45.91.20.90/32
Date: 2026-06-03
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
- ASN: 9009
- Organization: *VPN Consumer Milan, Italy*
- Geolocation: Milan, Lombardy, Italy (latitude 41.87, longitude 12.57)
- Network Role:
- Subnet: 45.91.20.0/24
- Classification: *High Abuse*
- Subnet Abuse Density: 1 (100% abuse risk)
- Active Siblings: 17/35 IPs in subnet flagged as high risk
---
**2. Threat Indicators**
- No direct threat indicators (no malware, C2, or exploit activity).
- Subnet Context:
- 35 IPs in 45.91.20.0/24 classified as high abuse.
- 17 active IPs in subnet show moderate risk (40).
- No known campaigns, spam, or Tor activity.
---
**3. Observation History**
- Latest Signal (2026-06-03):
- Subnet abuse density confirmed (1/10).
- Geolocation inferred with 28% confidence (Milan, Italy).
- Network classification stable as "high_abuse."
- Trend: Consistent moderate risk over 18 observations.
---
**4. Relationships**
- Network Affiliation:
- Linked to *MILAN-IT-45-91-20-0* subnet (repeated 12x).
- No direct ties to organizations, domains, or certificates.
---
**5. Neighborhood Analysis**
- Subnet 45.91.20.0/24:
- 34 sibling IPs (risk scores 40).
- 0% abuse density (but classified as high abuse).
- 17 active IPs, 35 total.
- Neighbor IPs:
- All siblings show same risk profile (40/50 authority).
- No outliers in risk scores.
---
**6. Recommended Actions**
- Block IP:
- Use firewall rules (iptables, nftables, etc.) to block 45.91.20.90/32.
- Example: `iptables -A INPUT -s 45.91.20.90 -j DROP`
- Monitor Subnet:
- The 45.91.20.0/24 subnet has high abuse risk. Investigate traffic patterns.
- Verify Ownership:
- Confirm if the VPN provider is legitimate (contact ARIN for ASN 9009).
---
Conclusion:
The IP 45.91.20.90 is part of a high-abuse subnet linked to a Milan-based VPN provider. While no direct threats are detected, the subnetโs elevated risk profile warrants further investigation. Block the IP and monitor its subnet for potential lateral movement or related activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | VPN Consumer Milan, Italy |
| ASN | AS9009 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:22 UTC |
| Last Seen | 2026-06-23 14:09:47 UTC |
| Profile Built | 2026-06-23 14:12:36 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |
Full dossier details are available via our API.