IP Intelligence Briefing: 182.95.224.138
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Registered to IRT-BHARTI-IN (Bharti Airtel Ltd., India) under ASN 9498.
- Geolocation: India (New Delhi, Phase III), mobile carrier Airtel (LTE/5G).
- Network Role: Mobile IP (residential/mobile classification), part of Bharti Airtel's 5G infrastructure.
- Threat Indicators: No direct malicious activity detected, but flagged in 6 DNSBLs (8 total lists).
---
**2. Network Activity**
- Open Ports: SSH (port 22/tcp) detected.
- Subnet: 182.95.224.0/24.
- Abuse Density: 80% of subnet IPs are classified as abusive (high-risk neighbors).
- Neighbors:
  - 4 active IPs in the subnet (3 high-risk, 1 medium-risk).
  - All neighbors share the same ISP (Bharti Airtel).
---
**3. Threat Observations**
- Historical Signals:
  - Detected in 3 threat feeds (June 17, 2026) with "high" severity.
  - Listed in 6 DNSBLs (e.g., Spamhaus, Project Honey Pot).
  - No TLS/HTTP indicators, but SSH banners suggest potential remote access.
- BGP Analysis:
  - Route stability: Unstable (route changes in last 30 days).
  - RPKI invalidation: Not reported.
---
**4. Recommendations**
- Monitoring:
  - Track SSH (port 22) traffic for unauthorized access attempts.
  - Monitor DNSBL listings for potential spam or phishing activity.
- Mitigation:
  - Consider blocking traffic from the 182.95.224.0/24 subnet if the risk profile persists.
  - Validate DNSSEC and check for CAA records to prevent spoofing.
- Investigation:
  - Correlate with neighboring IPs (e.g., 182.95.224.62, 182.95.224.102) for potential network-wide compromises.
---
Summary: This IP is part of a high-risk mobile subnet (80% abuse density) associated with Bharti Airtel. While no direct malicious activity is detected, its DNSBL listings and risky neighbors suggest potential involvement in spam or unauthorized access. SOC teams should prioritize monitoring SSH traffic and network segmentation to mitigate risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-BHARTI-IN |
| ASN | AS9498 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.8 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 20% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:59 UTC |
| Last Seen | 2026-06-22 23:56:20 UTC |
| Profile Built | 2026-06-23 00:13:04 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 19 |