# IP INTELLIGENCE BRIEFING: 98.80.4.31/32
Classification: MODERATE RISK
Date: 2026-06-14
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP 98.80.4.31/32 is a cloud infrastructure address belonging to Amazon Web Services (AWS) in Ashburn, Virginia. The address carries a moderate risk score of 40 and exhibits characteristics consistent with cloud-based scanning infrastructure. While no direct threat indicators were detected, the subnet demonstrates elevated abuse density with multiple associated threat sources.
---
## INFRASTRUCTURE PROFILE
Ownership & Registration:
- ASN: 16509 (AMAZON-02)
- Organization: Amazon Data Services Northern Virginia
- CIDR Block: 98.80.0.0/12
- RIR: ARIN
- Registration Date: 2018-09-18
Geolocation:
- Country: United States (US)
- Region: Virginia (VA)
- City: Ashburn
- Coordinates: 39.04, -77.49
- Timezone: America/New_York
Network Role:
- Provider: Amazon Web Services
- Infrastructure Type: CloudCompute
- Connection Type: Cloud hosting environment
- Classification: Firewalled / No Services
---
## THREAT INDICATORS
Direct Threat Indicators:
- Risk Score: 40 (Moderate Risk)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane Analysis:
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2609 (Basic)
- Route Stability: False (isRouteStable: false)
- Route Changes (30d): 0
- DNSSEC: Valid
- RPKI State: Not available
---
## DNS ANALYSIS
Reverse DNS (PTR):
- Primary: scanner-98-80-4-31.reposify.net
- Forward Resolution: Confirmed
- Forward Hostnames: scanner-98-80-4-31.reposify.net
Email Authentication:
- SPF Record: Present
- DMARC Record: Present
- TXT Record Count: 0
Associated Domains:
- reposify.net (primary association)
---
## SUBNET ANALYSIS
Subnet: 98.80.4.31/24
- Total Sibling IPs: 13
- Active Siblings: 5
- Threat Siblings: 7
- Abuse Density: 0.5385
- Classification: HIGH_ABUSE
- Inherited Risk: 17
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 6
- Low Risk: 7
Notable Neighbors:
- 98.80.4.79, 98.80.4.84, 98.80.4.87, 98.80.4.96, 98.80.4.120, 98.80.4.123 (Risk Score: 40)
- 98.80.4.15, 98.80.4.33, 98.80.4.40, 98.80.4.56, 98.80.4.99, 98.80.4.103, 98.80.4.107 (Risk Score: 25)
---
## OBSERVATION HISTORY
Total Observations: 22
Latest Observation: 2026-06-14 07:58:10 UTC
Temporal Trends:
- Ownership Changes: 0
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Persistently Malicious: No
- Average Ownership Days: N/A
Recent Signal Activity:
- ASN Resolution: Consistent assignment to Amazon (16509)
- Geolocation: Stable Ashburn, VA positioning
- Abuse Density Classification: High abuse subnet maintained
- Operator Score: Basic classification maintained
---
## RELATIONSHIP GRAPH
Total Relationships: 60
Primary Associations:
- Network: AMAZON-IAD (AWS data center)
- DNS Hostname: scanner-98-80-4-31.reposify.net
- Network Type: Cloud infrastructure
Correlation Analysis:
- Correlated IPs: 0
- Certificate Matches: 0
- Banner Matches: 0
---
## SERVICES & PORTS
Open Ports: None detected
HTTP Title: None detected
TLS Certificate: None detected
Server Banner: None detected
Certificates: None detected
---
## RECOMMENDED ACTIONS
Monitoring Recommendations:
- Monitor for port scan activity from this subnet
- Track DNS resolution patterns to reposify.net
- Monitor for any changes in risk score trends
- Watch for increased DNSBL listings
Blocking Criteria:
- No immediate blocking required based on current risk profile
- Consider monitoring for lateral movement within the 98.80.4.0/24 subnet
- Evaluate traffic patterns if connections observed from internal networks
---
## ANALYST NOTES
This IP address represents AWS cloud infrastructure in a high-abuse subnet. The hostname "scanner-98-80-4-31.reposify.net" suggests potential scanning infrastructure, though no active threat indicators were detected. The subnet abuse density of 0.5385 indicates this /24 block hosts multiple suspicious sources. SOC teams should monitor for traffic patterns consistent with reconnaissance activity, particularly given the high proportion of threat siblings in the neighborhood.
The moderate risk score of 40 reflects the cloud hosting context combined with subnet-level abuse indicators. No immediate defensive action is warranted, but continued observation is recommended given the subnet classification.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Northern Virginia |
| ASN | AS14618 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | scanner-98-80-4-31.reposify.net |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | scanner-98-80-4-31.reposify.net |
π DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | Reposify |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 4 |
| routing | 22% | 1 | 1 |
| services | 29% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 27% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:45 UTC |
| Last Seen | 2026-06-27 09:48:24 UTC |
| Profile Built | 2026-06-28 03:54:48 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |
Full dossier details are available via our API.