IP Intelligence Briefing: 185.92.182.129
Date: 2026-06-17
---
**1. Risk Profile**
- Risk Score: 50 (Moderate Risk)
- Provider/Authority Scores: 0/0
- Threat Indicators:
  - Listed in 3/8 threat feeds (low-severity).
  - DNSSEC valid, but certificate is self-signed and invalid.
  - No known malware campaigns or spam sources.
---
**2. Ownership & Geolocation**
- ASN: 56971 (CloudBackbone NOC)
- Country: Netherlands (NL)
- Region: Missouri (conflict with geolocation data; likely error).
- Coordinates: 52.13°N, 5.29°E (Amsterdam area).
- Network Role: Infrastructure (web server, SSH, HTTPS).
---
**3. Network Behavior**
- Services:
  - Open ports: 443 (HTTPS), 22 (SSH).
  - TLS certificate: Invalid, self-signed.
  - HTTP server: Google Workspace (gws), 301 redirect.
- Subnet: 185.92.182.0/24 (abuse density: 0%, mostly clean).
- Neighbors: No neighboring IPs detected (subnet may be isolated).
---
**4. Threat Observations**
- Historical Signals (Last 30 Days):
  - 18 observations, 12 high-confidence.
  - DNS and geolocation inferences with moderate accuracy.
  - No persistent malicious activity detected.
- DNS: No SPF/DKIM records; no email auth configured.
---
**5. Relationships**
- Linked Entities:
  - Same network: as56971-net (CloudBackbone).
  - No peer IPs or subdomains linked.
---
**6. Recommendations**
- Monitor: SSL/TLS configurations (invalid certificate).
- Block/Allow:
  - Allow HTTPS (port 443) for legitimate traffic.
  - Restrict SSH (port 22) to trusted sources.
- Verify: Geolocation discrepancy (NL vs. Missouri).
- Check: Subnet isolation (no neighbors detected).
Note: Low-risk but requires validation of certificate and geolocation accuracy. No immediate mitigation needed, but ongoing monitoring advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | CloudBackbone NOC |
| ASN | AS56971 |
| Network Name | - |
| CIDR Block | 185.92.182.0/24 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | gws |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.14 |
TLS Certificate
| SANs | invalid2.invalid |
| Valid From | 2026-05-25T09:42:12+00:00 |
| Valid Until | 2026-08-17T09:42:11+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 83 days |
| Serial Number | 0080E5CABDF41B68E0BA718F4A1224EFA3 |
| Thumbprint | 3A63B90C03534246ABA67F1652C5B5CD08B7BAAB |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 28% | 2 | 3 |
| ownership | 24% | 3 | 4 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 24% | 12 | 19 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-07 23:04:01 UTC |
| Last Seen | 2026-06-26 18:10:55 UTC |
| Profile Built | 2026-06-25 23:25:27 UTC |
| Data Freshness | Fresh |
| Signal Types | 24 |
| Total Observations | 25 |