81.30.98.90
IPDebrief Threat Intelligence Briefing: 81.30.98.90/32
*Generated from comprehensive analysis using IPDebrief tools*
---
**1. Core Risk Profile**
- Risk Score: 80/100 (High Risk)
- Ownership: Registered to "Abuse contact role object" (ASN 209425, RIPE).
- Geolocation: Plausible US location (2500 km accuracy radius).
- Network Role: Firewalled host with no open services or DNS records.
- Threat Indicators: No direct malware, phishing, or exploit activity detected.
---
**2. Observation History**
- Latest Scan (2026-06-03):
- No TLS certificate or HTTP title found.
- Ports scanned but no active services identified.
- Network Classification: Mixed subnet (81.30.98.0/24) with abuse density of 33.3%.
- Geolocation Consistency: Inferred from RDAP data with moderate confidence.
---
**3. Network Relationships**
- Shared Subnet: 81.30.98.0/24.
- Key Relationships:
- Linked to network "IR-LORDVPS11-20240618" (multiple entries).
- No direct ties to known malicious domains or organizations.
---
**4. Subnet Analysis**
- Neighbor Risk Distribution:
- High Risk (β₯70): 6 IPs (e.g., 81.30.98.44, 81.30.98.49).
- Medium Risk (40β69): 12 IPs.
- Low Risk (β€39): 4 IPs.
- Abuse Density: 27.3% of subnet IPs show abuse indicators.
---
**5. Recommended Actions**
- Block the IP:
- Firewall Rules:
- `iptables -A INPUT -s 81.30.98.90 -j DROP`
- `nft add rule inet filter input ip saddr 81.30.98.90 drop`
- Cloudflare/AWS WAF rules provided in tool response.
- Monitor Subnet:
- Investigate high-risk neighbors (e.g., 81.30.98.44, 81.30.98.49) for potential lateral movement.
- Verify Geolocation:
- The 2500 km accuracy radius suggests potential spoofing or misattribution.
---
**6. Key Takeaways**
- The IP is flagged as high risk despite minimal direct threat indicators, likely due to subnet-level abuse.
- Its association with the "IR-LORDVPS11" network may indicate shared infrastructure with risky peers.
- No active services or DNS records suggest it could be a dormant or recently compromised host.
Next Steps: Correlate with internal logs, monitor subnet activity, and validate geolocation anomalies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Abuse contact role object |
| ASN | AS209425 |
| Network Name | β |
| CIDR Block | β |
| RIR | RIPE |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:36 UTC |
| Last Seen | 2026-06-23 22:28:58 UTC |
| Profile Built | 2026-06-23 22:35:10 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.