IP Intelligence Briefing: 62.60.130.227
*Generated via IPDebrief tools: Profile, History, Relationships, & Neighborhood Analysis*
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership:
  - ASN: 215930
  - Organization: "Abuse contact role object" (RIPE registry)
- Geolocation: Listed as UK (GB) but city/region fields show Tehran, Iran (potential spoofing or misconfiguration).
- Threat Indicators: No active malware, phishing, or known attacker associations.
- Network Role: Firewalled with no open services detected.
---
**2. Observation History**
- First Seen: June 3, 2026
- Key Trends:
  - Subnet abuse density: 17% (mixed risk, 7 high-risk neighbors).
  - Stability: Low (route instability flagged in BGP data).
- DNS: No valid PTR records; DNSSEC validation successful.
---
**3. Network Relationships**
- Subnet: 62.60.130.0/24
- Neighbors:
  - High Risk: 7 IPs (e.g., 62.60.130.14, 62.60.130.28, 62.60.130.139) with scores ≥80.
  - Medium Risk: 24 IPs (e.g., 62.60.130.22, 62.60.130.71).
  - Low Risk: 9 IPs.
- Shared Network: Linked to "spaceshipnetworks" (likely a misconfigured or spoofed network name).
- DNS: Multiple failed DNS queries (e.g., 192.168.2.108#53 timeouts).
---
**4. Threat & Risk Context**
- Subnet Abuse: 17% of neighbors show elevated risk (high/medium).
- Geolocation Discrepancy: IP reports UK location but city/region fields indicate Iran. Investigate spoofing or misconfigured geolocation data.
- BGP Stability: Route instability detected (0.2174 operator score). Monitor for BGP hijacking risks.
---
**5. SOC Actionable Recommendations**
1. Monitor Subnet Traffic: Focus on high-risk neighbors (e.g., 62.60.130.14, 62.60.130.139) for lateral movement or C2 activity.
2. Investigate Geolocation Anomalies: Verify IP's true location and check for spoofing.
3. Validate DNS Configuration: Ensure DNS servers (e.g., 192.168.2.108) are not misconfigured or compromised.
4. Inspect Firewall Rules: Block traffic to/from high-risk neighbors using iptables/nftables rules.
5. Check for Network Compromise: Given route instability, assess if the subnet is part of a larger malicious infrastructure.
---
*Generated by IPDebrief. All data reflects observed signals as of June 18, 2026.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Abuse contact role object |
| ASN | AS215930 |
| Network Name | - |
| CIDR Block | 62.60.130.0/24 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 24% | 2 | 3 |
| ownership | 26% | 3 | 4 |
| reputation | 23% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 28% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:31 UTC |
| Last Seen | 2026-06-23 19:43:08 UTC |
| Profile Built | 2026-06-23 19:44:38 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |