# IP INTELLIGENCE BRIEFING: 125.16.27.190/32
## Executive Summary
IP 125.16.27.190 is a moderate-risk (65) mobile network address belonging to Bharti Airtel's Indian infrastructure. The IP is classified as firewalled with no active services, but requires monitoring due to elevated DNSBL listings and a high-risk neighbor within the same /24 subnet.
---
## Ownership & Classification
- Organization: IRT-BHARTI-IN (BHARTI-IN)
- ASN: 9498
- ISP: Bharti Airtel Ltd.
- Network Block: 125.16.0.0/18 (APNIC)
- Geolocation: Uttar Pradesh, Noida, India
- Connection Type: Mobile (LTE/5G) via Airtel carrier
- Network Role: Firewalled / No Services
---
## Threat Assessment
- Risk Score: 65 (Moderate Risk)
- DNSBL Listings: 3 of 8 total lists
- Known Campaigns: None detected
- Tor Exit / Proxy: No
- Blacklist Count: 0 (specific feeds)
Threat Indicators: The IP shows no active threat indicators, known campaigns, or confirmed attacker classifications. However, the presence on multiple DNSBLs warrants attention.
---
## Network Neighborhood Analysis
Subnet: 125.16.27.0/24
- Abuse Density: High (1.0)
- Active Siblings: 2
- Threat Siblings: 0 (within /24)
- Notable Neighbor: 125.16.27.210 (Risk Score: 80, Authority Score: 50)
Assessment: The /24 subnet exhibits elevated abuse activity. Neighbor 125.16.27.210 presents elevated risk and should be monitored as part of the same infrastructure cluster.
---
## Observation History (18 Observations)
Recent signals indicate:
- DNS resolution attempts to reverse domain 190.27.16.125.in-addr.arpa
- Consistent geolocation inference to India (Noida region)
- Operator classification: "Minimal" risk
- Multiple blacklist category matches with high severity listing
---
## Technical Services
- Open Ports: None detected (firewalled)
- DNS: No PTR records, no forward resolution
- TLS/HTTP: No certificates or web services
- Fingerprinting: Insufficient data (no active services)
---
## Control Plane
- Route Stability: False (changes detected)
- RPKI State: Not assessed
- IRR Consistency: Not assessed
- Delegation Age: Not assessed
- DNSSEC: Valid
---
## Recommended Actions
1. Monitor IP 125.16.27.210 (risk score 80) as a high-risk neighbor in the same subnet
2. Block or rate-limit 125.16.27.190 if it attempts connections to sensitive services
3. Investigate DNSBL listing rationale (3 of 8 lists) for potential false positives vs. legitimate abuse
4. Correlate with any incidents originating from this /24 subnet
---
## Risk Conclusion
This mobile network IP presents moderate risk primarily due to subnet-level abuse density and DNSBL presence rather than confirmed malicious activity. The firewalled status reduces immediate threat exposure, but the high-risk neighbor and multiple blacklist listings warrant continued monitoring and potential blocking for sensitive traffic.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | IRT-BHARTI-IN |
| ASN | AS9498 |
| Network Name | BHARTI-IN |
| CIDR Block | 125.16.0.0/18 |
| RIR | APNIC |
| Country | IN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 20% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| First Seen | 2026-05-07 23:03:38 UTC |
| Last Seen | 2026-06-26 18:10:34 UTC |
| Profile Built | 2026-06-22 13:07:07 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 20 |