IP Intelligence Briefing: 185.208.195.210
Date: 2026-06-06
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
  - ASN: 60747
  - Organization: `ru-modus333-1-mnt` (RIPE)
- Geolocation:
  - Country: Russia (RU)
  - Subnet: `185.208.195.210/24`
- Threat Indicators:
  - No active malware campaigns, spam, or known attacker associations.
  - DNSBL listings detected (5/8 total).
- Network Role:
  - Firewalled / No services open (no TLS, HTTP, or banner data).
  - BGP prefix: `185.208.192.0/22` (AS60747).
  - DNSSEC valid, but no CAA records.
---
**2. Historical Observations**
- Recent Activity (Last 30 Days):
  - 17 total observations; last update: 2026-06-06.
  - Minimal risk flagged (operator score: 0.13).
  - Abuse density in subnet: 1 (mostly clean, but inherited risk: 2).
  - No persistent malicious behavior detected.
---
**3. Network Relationships**
- Linked Entities:
  - Subnet: `GPON6` (repeated 19 times in relationships).
  - No direct hostname or organizational links.
- Subnet Analysis:
  - `185.208.195.210/24` has 1 active sibling IP, 1 threat sibling.
  - No neighboring IPs detected (neighbors tool returned 0 entries).
---
**4. Threat & Mitigation Notes**
- DNSBL Listings:
  - IP appears in 5/8 DNSBLs (e.g., Spamhaus, Project Honey Pot).
- Recommendations:
  - Monitor DNSBL status and subnet activity.
  - Verify network relationships (GPON6) for potential shared risks.
  - Consider blocking DNSBL-listed IPs in firewall rules.
---
Conclusion:
This IP is flagged high-risk due to historical DNSBL listings and subnet abuse density, but current observations show no active threats. SOC teams should monitor DNSBL status, subnet activity, and verify network relationships for potential lateral movement risks. No immediate action required, but continuous observation is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | ru-modus333-1-mnt |
| ASN | AS60747 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:01 UTC |
| Last Seen | 2026-06-26 18:10:54 UTC |
| Profile Built | 2026-06-17 21:04:19 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |