98.80.4.31

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 98.80.4.31/32

Classification: MODERATE RISK

Date: 2026-06-14

Analyst: IPDebrief Intelligence Team

---

## EXECUTIVE SUMMARY

IP 98.80.4.31/32 is a cloud infrastructure address belonging to Amazon Web Services (AWS) in Ashburn, Virginia. The address carries a moderate risk score of 40 and exhibits characteristics consistent with cloud-based scanning infrastructure. While no direct threat indicators were detected, the subnet demonstrates elevated abuse density with multiple associated threat sources.

---

## INFRASTRUCTURE PROFILE

Ownership & Registration:

ASN: 16509 (AMAZON-02)
Organization: Amazon Data Services Northern Virginia
CIDR Block: 98.80.0.0/12
RIR: ARIN
Registration Date: 2018-09-18

Geolocation:

Country: United States (US)
Region: Virginia (VA)
City: Ashburn
Coordinates: 39.04, -77.49
Timezone: America/New_York

Network Role:

Provider: Amazon Web Services
Infrastructure Type: CloudCompute
Connection Type: Cloud hosting environment
Classification: Firewalled / No Services

---

## THREAT INDICATORS

Direct Threat Indicators:

Risk Score: 40 (Moderate Risk)
Abuse Confidence Score: Not available
Blacklist Count: 0
Known Campaigns: None detected
Tor Exit Node: No
Known Attacker: No
Spam Source: No

Control Plane Analysis:

DNSBL Listed: 1 of 8 total lists
Operator Score: 0.2609 (Basic)
Route Stability: False (isRouteStable: false)
Route Changes (30d): 0
DNSSEC: Valid
RPKI State: Not available

---

## DNS ANALYSIS

Reverse DNS (PTR):

Primary: scanner-98-80-4-31.reposify.net
Forward Resolution: Confirmed
Forward Hostnames: scanner-98-80-4-31.reposify.net

Email Authentication:

SPF Record: Present
DMARC Record: Present
TXT Record Count: 0

Associated Domains:

reposify.net (primary association)

---

## SUBNET ANALYSIS

Subnet: 98.80.4.31/24

Total Sibling IPs: 13
Active Siblings: 5
Threat Siblings: 7
Abuse Density: 0.5385
Classification: HIGH_ABUSE
Inherited Risk: 17

Neighbor Risk Distribution:

High Risk: 0
Medium Risk: 6
Low Risk: 7

Notable Neighbors:

98.80.4.79, 98.80.4.84, 98.80.4.87, 98.80.4.96, 98.80.4.120, 98.80.4.123 (Risk Score: 40)
98.80.4.15, 98.80.4.33, 98.80.4.40, 98.80.4.56, 98.80.4.99, 98.80.4.103, 98.80.4.107 (Risk Score: 25)

---

## OBSERVATION HISTORY

Total Observations: 22

Latest Observation: 2026-06-14 07:58:10 UTC

Temporal Trends:

Ownership Changes: 0
Threat Observation Count: 1
Threat Persistence Days: 0
Persistently Malicious: No
Average Ownership Days: N/A

Recent Signal Activity:

ASN Resolution: Consistent assignment to Amazon (16509)
Geolocation: Stable Ashburn, VA positioning
Abuse Density Classification: High abuse subnet maintained
Operator Score: Basic classification maintained

---

## RELATIONSHIP GRAPH

Total Relationships: 60

Primary Associations:

Network: AMAZON-IAD (AWS data center)
DNS Hostname: scanner-98-80-4-31.reposify.net
Network Type: Cloud infrastructure

Correlation Analysis:

Correlated IPs: 0
Certificate Matches: 0
Banner Matches: 0

---

## SERVICES & PORTS

Open Ports: None detected

HTTP Title: None detected

TLS Certificate: None detected

Server Banner: None detected

Certificates: None detected

---

## RECOMMENDED ACTIONS

Monitoring Recommendations:

Monitor for port scan activity from this subnet
Track DNS resolution patterns to reposify.net
Monitor for any changes in risk score trends
Watch for increased DNSBL listings

Blocking Criteria:

No immediate blocking required based on current risk profile
Consider monitoring for lateral movement within the 98.80.4.0/24 subnet
Evaluate traffic patterns if connections observed from internal networks

---

## ANALYST NOTES

This IP address represents AWS cloud infrastructure in a high-abuse subnet. The hostname "scanner-98-80-4-31.reposify.net" suggests potential scanning infrastructure, though no active threat indicators were detected. The subnet abuse density of 0.5385 indicates this /24 block hosts multiple suspicious sources. SOC teams should monitor for traffic patterns consistent with reconnaissance activity, particularly given the high proportion of threat siblings in the neighborhood.

The moderate risk score of 40 reflects the cloud hosting context combined with subnet-level abuse indicators. No immediate defensive action is warranted, but continued observation is recommended given the subnet classification.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	VA
City	Ashburn
Timezone	America/New_York
Latitude	39.04
Longitude	-77.49

🏢 Ownership & Registration

Organization	Amazon Data Services Northern Virginia
ASN	AS14618
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	scanner-98-80-4-31.reposify.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`scanner-98-80-4-31.reposify.net`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
Closed Ports	22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	Reposify
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	4
routing	22%	1	1
services	29%	2	3
ownership	20%	2	3
reputation	28%	1	3
geolocation	30%	2	3
Overall	27%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:45 UTC
Last Seen	2026-06-27 09:48:24 UTC
Profile Built	2026-06-28 03:54:48 UTC
Data Freshness	Live
Signal Types	24
Total Observations	29

🔍 24 signal types · 29 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

98.80.4.31📋 Copy