IP Intelligence Briefing: 185.106.29.185
Date: 2026-06-02
---
**Key Risk Indicators**
- Risk Score: 70 (High Risk)
- Threat Observations:
  - Flagged by 4/8 DNSBLs (low-severity listings).
  - No direct malware campaigns or known attacker associations.
- Network Stability: Unstable BGP route (route changes in last 30 days).
- Geolocation: Erbil, Iraq (IQ), under Admin RIPE management.
---
**Network & Ownership**
- ASN: 206206 (KNET - Kurdistan Net Company).
- Subnet: 185.106.29.0/24 (abuse density: 50%).
- Neighbors:
  - 2 high-risk IPs (70/70 score).
  - 1 low-risk IP (0/50 score).
- Ownership:
  - Registered to Admin RIPE (RIPE NCC).
  - No recent ownership changes.
---
**Threat Context**
- DNS Security: DNSSEC valid, but 4/8 DNSBL listings (e.g., Spamhaus, OpenBLAST).
- Services: No open ports or TLS certificates detected.
- Behavioral Flags:
  - No honeypot hits or WAF violations.
  - Minimal operator risk score (0.13).
---
**Actionable Insights**
1. Monitor Neighbors: The subnet contains 2 high-risk IPs; investigate potential lateral movement or shared infrastructure.
2. Check DNSBL Listings: Verify if the IP is flagged for spam or abuse (e.g., OpenBLAST, Spamhaus).
3. Network Segmentation: Given the unstable BGP route and mixed subnet risk, consider isolating this IP from critical assets.
4. Geolocation Verification: Confirm if the IP is genuinely hosted in Erbil or if it's a spoofed geolocation.
---
**Conclusion**
This IP is part of a high-risk subnet managed by a Kurdish ISP. While it lacks direct malicious indicators, its DNSBL listings and unstable routing suggest potential misuse. SOC teams should prioritize monitoring its network context and validate its operational legitimacy.
Recommended Tools: Use IPDebrief's `ipdebrief_actions` for firewall rules and `ipdebrief_compare` to analyze neighboring IPs.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Admin RIPE |
| ASN | AS206206 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | RIPE |
| Country | n/a |
| Abuse Contact | Available via RDAP |
---
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
---
**DNS Hygiene**
| Check | Status |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
---
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown; insufficient routing data to classify |
---
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | n/a |
| HTTP Title | n/a |
---
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
---
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 25% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 20% | 8 | 12 |

| Check | Result |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
**Observation Timeline (Live)**
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:00 UTC |
| Last Seen | 2026-06-23 00:24:55 UTC |
| Profile Built | 2026-06-23 00:35:44 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 21 |