IP Intelligence Briefing: 185.74.240.224/32
Date: 2026-06-17
---
**Key Threat Indicators**
- Risk Score: 80 (High Risk)
- Subnet Abuse Density: 45.83% (Mixed classification)
- High-Risk Neighbors: 11/24 IPs in the 185.74.240.0/24 subnet
- Network Role: Single-service host (HTTP/80, lighttpd/1.4.54)
- Ownership: Registered to *Santiago Arenos Ferrer* (AS41368)
- Geolocation: Spain (Valencia), IP flagged as geographically improbable for its observed traffic
---
**Threat Observations**
1. Malicious Activity Signals:
   - 4 DNSBL listings (4/8 total) with high-severity tags.
   - 13 high-risk IPs in the same /24 subnet (11 active, 2 inactive).
   - Historical data shows persistent DNS and network activity since 2026-06-02.
2. Service Vulnerabilities:
   - HTTP server (lighttpd/1.4.54) running outdated software.
   - No TLS certificate or HSTS enforcement detected.
3. Network Anomalies:
   - Subnet route stability: 0 route changes observed in the last 30 days, but route stability is flagged as *unknown*.
   - DNSSEC validation: Enabled, but no CAA records.
---
**Actionable Intelligence**
- SOC Response:
  - Monitor traffic to/from this IP and its subnet for unusual patterns (e.g., mass DNS queries, port scanning).
  - Investigate the 11 high-risk neighbors for potential lateral movement or coordinated attacks.
  - Patch the lighttpd server to mitigate known vulnerabilities (1.4.54 is deprecated).
  - Consider blocking the IP in firewall rules (e.g., iptables, Cloudflare WAF) given its high-risk profile.
- Additional Steps:
  - Validate geolocation anomalies (Spain vs. observed traffic patterns).
  - Check for CAA records and TLS enforcement on the HTTP server.
---
Note: This IP is part of a subnet with significant abuse density. Prioritize monitoring and mitigation to reduce exposure to potential threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Santiago Arenos Ferrer |
| ASN | AS41368 |
| Network Name | Not available |
| CIDR Block | 185.74.240.0/24 |
| RIR | RIPE |
| Country | Not available |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Check | Result |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown: insufficient routing data to classify |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | Not available |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | lighttpd/1.4.54 |
| HTTP Title | Not available |
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 35% | 2 | 3 |
| services | 26% | 2 | 3 |
| ownership | 29% | 3 | 4 |
| reputation | 17% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 27% | 12 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:01 UTC |
| Last Seen | 2026-06-23 01:18:04 UTC |
| Profile Built | 2026-06-23 01:22:08 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |