IP Intelligence Briefing: 185.17.125.110
Date: 2026-06-06
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Registered to Andrij Senyk (ASN 3255, RIPE).
- Geolocation: Ukraine (UA), Pavliv, Europe/Kyiv timezone.
- Network Role: Web server (HTTP/HTTPS, lighttpd/1.4.39).
- Threat Indicators: No direct malicious activity detected.
- DNSSEC: Valid.
- DNSBL Listings: 5/8 lists (e.g., Spamhaus, Project Honey Pot).
---
**2. Observation History**
- Recent Activity:
  - Geolocation inferred with 0.52 confidence (500km accuracy).
  - No active threats or spam sources detected.
  - Low-confidence signals (0.20–0.30) suggest limited operational visibility.
- Trend: No persistent malicious behavior noted.
---
**3. Relationships**
- Linked Entities:
  - Repeated associations with network "BiT" (likely a typo or internal identifier).
  - No direct ties to known malicious organizations or campaigns.
---
**4. Neighborhood Analysis**
- Subnet: 185.17.125.0/24 (39 IPs).
- Abuse Density: 25.6% (10 high-risk neighbors, 23 medium-risk).
- Notable Neighbors:
  - 185.17.125.42, 185.17.125.52, 185.17.125.114: High-risk (80 score).
  - 185.17.125.68, 185.17.125.253: Low-risk (0 score).
- Subnet Classification: Mixed (legitimate and risky IPs).
---
**5. Actionable Insights**
- Threat Level: High-risk web server with DNSBL ties.
- Recommendations:
  - Monitor for unexpected traffic or service changes.
  - Investigate the "BiT" network association for potential collaterals.
  - Block IPs in the 185.17.125.0/24 subnet if risk thresholds are exceeded.
  - Validate DNSSEC and check for spoofing risks.

Note: No direct evidence of active exploitation, but the IP's DNSBL status and high risk score warrant close scrutiny.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Andrij Senyk |
| ASN | AS3255 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | lighttpd/1.4.39 |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-13 19:04:17 UTC |
| Last Seen | 2026-06-21 12:22:39 UTC |
| Profile Built | 2026-06-20 07:11:31 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 19 |