# IP INTELLIGENCE BRIEFING: 74.80.182.88
## Executive Summary
Risk Assessment: Moderate Risk (Score: 40/100)
Status: Active Threat Indicator - Listed on 8 DNSBLs with high severity
Recommendation: Block at perimeter; monitor for lateral movement within /24 subnet
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | Cyberzone S.A. |
| **ASN** | 13737 (CZ-MCI1-IPV4) |
| **Location** | Kansas City, MO, US |
| **CIDR Block** | 74.80.182.64/26 |
| **Network Role** | Single-Service Host |
| **Open Services** | TCP/8443 (https-alt) |
## Threat Indicators
- Blacklist Status: Listed on 8 DNSBLs (maximum severity: high)
- Threat Indicators: None directly associated with this IP
- Campaign Activity: No known campaign matches
- Campaign Likelihood: None
## Neighborhood Analysis (74.80.182.0/24)
- Subnet Classification: High Abuse
- Abuse Density: 0.875 (87.5%)
- Total Siblings: 8
- Threat Siblings: 7 (87.5% of /24 flagged as threats)
- Neighbor Risk Scores: All 7 neighboring IPs scored 40 (moderate risk)
Key neighbors include:
- 74.80.182.70, .78, .83, .85, .93, .95, .100 - all scoring 40/100
## Observed Behavior
- Observations: 22 signal observations recorded
- Last Activity: 2026-06-05
- Threat Persistence: 0 days (no persistent malicious behavior detected)
- BGP Origin: 74.80.182.0/24 via ASN 13737
- Route Stability: Stable (no route changes in 30 days)
## Recommended Security Actions
Firewall Rules
```bash
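# iptables (-A appends, so the rule only takes effect if no earlier rule accepts the packet)
iptables -A INPUT -s 74.80.182.88 -j DROP
# nftables (assumes an existing inet table "filter" with an "input" chain)
nft add rule inet filter input ip saddr 74.80.182.88 drop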
```
WAF Rules
```nginx
# nginx
deny 74.80.182.88;
# Cloudflare WAF (configured in Cloudflare, not an nginx directive)
# Block IP: 74.80.182.88 (Risk Score: 40)
# AWS WAF (configured in AWS, not an nginx directive)
# Block: 74.80.182.88/32
```
## SOC Analyst Notes
1. Subnet-Wide Risk: This IP belongs to a high-abuse subnet where 7 of 8 neighboring IPs are flagged as threats. Consider implementing subnet-based blocking policies for the entire /24.
2. Blacklist Presence: Multiple DNSBL listings with high severity indicate prior abuse history.
3. Service Exposure: TCP/8443 (https-alt) is open; verify whether this is legitimate application traffic or a potential command-and-control channel.
4. No Direct Threat Indicators: Despite the moderate risk score, no direct threat indicators (tor, VPN, proxy, etc.) were observed on this specific IP.
## Mitigation Priority
High: due to the high-abuse subnet classification and multiple blacklist listings, recommend blocking at the network perimeter and monitoring inbound traffic patterns from the 74.80.182.0/24 range.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Cyberzone S.A. |
| ASN | AS13737 |
| Network Name | CZ-MCI1-IPV4 |
| CIDR Block | 74.80.182.64/26 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 8443 | https-alt | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 3 |
| reputation | 19% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 12 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-09 05:26:22 UTC |
| Last Seen | 2026-06-25 14:10:40 UTC |
| Profile Built | 2026-06-25 14:15:56 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 24 |