Threat Intelligence Briefing: IP Address 185.17.125.112/32
Overview
- Risk Score: 70 (High Risk)
- Ownership: Operated by Andrij Senyk (ASN 3255, RIPE)
- Geolocation: Ukraine (UA), with inferred coordinates (48.38°N, 31.17°E) and a 500 km accuracy radius.
- Network Role: Firewalled host with no active services or open ports.
- Threat Indicators: No direct malicious activity detected (no malware, phishing, or C2 indicators).
Key Findings
1. Subnet Analysis
- Part of 185.17.125.0/24, classified as "mixed" with abuse density 28.57%.
- 9 high-risk neighbors (70+ score) and 10 threat-associated IPs in the subnet.
- Notable high-risk neighbors include:
- 185.17.125.42 (80), 185.17.125.52 (80), 185.17.125.114 (80).
2. Historical Trends
- Observed 14 times since May 30, 2026.
- Stable ownership (no recent changes) but inconsistent signal confidence (0.30–0.95).
- Inferred as part of a Yandex-linked network, though no direct ties to known campaigns.
3. Relationships
- Linked to BiT (network name) and Andrij Senyk (organization).
- No connections to Tor, CDN, or cloud infrastructure.
4. Behavioral Context
- No DNS resolution, TLS certificates, or HTTP services detected.
- DNSSEC valid but no email authentication (SPF/DKIM) configured.
Actionable Insights
- Monitor Neighbors: The subnet contains 10 threat-associated IPs; prioritize investigation of high-risk neighbors (e.g., 185.17.125.42).
- Verify Ownership: Cross-check Andrij Senyk's ASN (3255) with RIPE for potential abuse or misconfiguration.
- Check for Anomalies: Despite no direct threats, the high risk score and mixed subnet abuse density warrant closer scrutiny for lateral movement or covert activity.
- Block/Isolate: Consider blocking the IP if it appears in future threat feeds, given its high risk profile and unstable signal history.
Conclusion
While no direct malicious activity is observed, the IP's high risk score, mixed subnet abuse density, and association with potential Yandex infrastructure suggest a need for further investigation. SOC teams should prioritize monitoring this IP and its neighbors for signs of compromise or anomalous behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Andrij Senyk |
| ASN | AS3255 |
| Network Name | — |
| CIDR Block | — |
| RIR | RIPE |
| Country | — |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No – PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown – Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | — |
| HTTP Title | — |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | — |
| Valid Until | — |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 17% | 9 | 11 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-14 23:35:27 UTC |
| Last Seen | 2026-06-19 11:33:39 UTC |
| Profile Built | 2026-06-18 20:26:04 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 15 |