168.91.173.57
IP Intelligence Briefing: 168.91.173.57
Date: 2026-06-02
---
**Risk Assessment**
- Risk Score: 80 (High Risk)
- Provider: RCN (AS6079)
- Geolocation: Allentown, PA, US (latitude 39.83, longitude -98.58)
- Threat Indicators: No malicious indicators, spam, or known attacker associations.
---
**Network & Ownership**
- ISP: RCN (Regional Cable Network)
- ASN: 6079
- Subnet: 168.91.173.57/32 (no neighboring IPs detected).
- BGP: Prefix 168.91.128.0/17, route stability flagged as unstable.
---
**Services & DNS**
- Open Ports: SSH (port 22) with Dropbear banner.
- DNS:
- PTR hostname: `168-91-173-57.s823.c3-0.eas-cbr7.atw-eas.pa.cable.rcncustomer.com`
- Domain: `rcncustomer.com` (SPF/DKIM records present).
- TLS/HTTP: No TLS certificates or HTTP services detected.
---
**Control Plane**
- DNSSEC: Validated.
- RPKI: No state reported.
- BGP: Route changes flagged (unstable).
- DNSBL: Listed in 5/8 DNSBLs (high-severity risk).
---
**Observation History**
- Recent Activity:
- Geolocation inferred as US (confidence 35%).
- DNSSEC validation (confidence 60%).
- DNS resolution errors observed (timed out).
- No persistent malicious activity detected over 30-day window.
---
**Relationships**
- Network: Linked to RCN-BLK-31 subnet.
- DNS: Associated with `rcncustomer.com` and internal DNS errors.
---
**Recommendations**
1. Monitor SSH Service: Investigate Dropbear SSH access; ensure strong key authentication.
2. DNS Anomalies: Verify DNSSEC validation and resolve timed-out DNS queries.
3. ISP Collaboration: Coordinate with RCN to address BGP route instability.
4. Threat Intelligence: Cross-reference DNSBL listings with internal threat feeds.
Note: No immediate mitigation required for known threats, but ongoing monitoring is advised due to DNS and BGP risks.
---
*Generated via IPDebrief threat intelligence platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | RCN |
| ASN | AS6079 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 168-91-173-57.s823.c3-0.eas-cbr7.atw-eas.pa.cable.rcncustomer.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | 168-91-173-57.s823.c3-0.eas-cbr7.atw-eas.pa.cable.rcncustomer.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
| SSH Version | SSH-2.0-dropbear_2019.78 l}(?_];dw#?'?o?curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-ni |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Fresh
| First Seen | 2026-05-07 23:03:53 UTC |
| Last Seen | 2026-06-26 08:23:19 UTC |
| Profile Built | 2026-06-26 11:01:57 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 23 |
Full dossier details are available via our API.