188.92.241.148

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 188.92.241.148

Classification: LOW RISK / MONITOR

Date: 2026-06-17

Analyst: IPDebrief SOC Intelligence Team

---

## Executive Summary

IP address 188.92.241.148 is classified as Low Risk with a risk score of 25/100. The IP is owned by Mostcom NOC (ASN 25227), registered in Russia, and resolves to p7mail.ru. While the IP shows no active threat indicators, it is DNSBL-listed on one of eight monitored lists and exhibits one observed threat signal in recent history. The IP is firewalled with no open services and belongs to a subnet with moderate abuse density (0.5).

---

## Technical Profile

Ownership & Registration

Organization: Mostcom NOC
ASN: 25227
Country: Russia (RU)
Geolocation Confidence: Plausible (5000km accuracy radius)
Network Classification: Firewalled / No Services

Network Role

Provider: No
CDN/Hosting/VPN/Proxy: No
Tor Exit/Residential: No
Status: Infrastructure IP with no active services

---

## Threat Indicators

Current Risk Assessment

Overall Risk Score: 25 (Low Risk)
Abuse Confidence: Not applicable
Blacklist Status: 0 blacklists (profile); 1 DNSBL listing (control plane)
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Campaign Associations: None

Observed Signals (21 total)

Recent observations include:

Control plane operator score: 0.2609 (Basic)
One DNSBL listing with "high" severity
Subnet abuse density: 0.5 (mostly_clean classification)

---

## DNS & Services

DNS Resolution

PTR Record: p7mail.ru
Forward Resolution: Confirmed
Hosted Domains: None
Email Authentication: SPF/DMARC not configured

Services

Open Ports: None
HTTP/TLS: No active services
Certificate Authority: Not applicable

---

## Neighborhood Analysis

Subnet: 188.92.241.0/24

Abuse Density: 0.5 (moderate)
Total Siblings: 2
Active Siblings: 1
Threat Siblings: 1
Risk Distribution: 1 low-risk IP

Notable Neighbor

188.92.241.150: Risk score 20, authority score 50 (low-risk profile)

---

## Historical Trend

Observation Count: 21 signals over monitoring period

Threat Persistence: 0 days (not persistently malicious)

Ownership Changes: 0

Recent Activity: Signals observed 2026-06-17

The IP shows minimal historical threat activity with one observed threat signal. No persistent malicious behavior detected.

---

## Relationships

DNS Associations

Primary hostname: p7mail.ru (multiple association records)

Network Routing

BGP Prefix: 188.92.241.0/24
Origin ASN: 25227
Network: RU-MATRIXTELECOM-20090505

---

## Recommended Actions

Firewall Rules

Default Policy: Allow (low risk)
Monitoring: Enable logging for baseline behavior
Blocking: Not recommended; IP is classified as low-risk infrastructure

Detection Signatures

Monitor for DNSBL listing changes
Track subnet-level activity for abuse density increases
Alert on new threat indicators

Risk Mitigation

No immediate blocking required
Consider monitoring if connected to critical systems
Review neighbor 188.92.241.150 if threat activity emerges

---

## Conclusion

IP 188.92.241.148 is a low-risk infrastructure address with no active services and no known malicious indicators. The single DNSBL listing and moderate subnet abuse density warrant baseline monitoring but do not justify blocking. The IP appears to be part of legitimate network infrastructure for p7mail.ru. No immediate threat response actions are recommended.

Status: Monitor | Priority: Low | Action: None

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇷🇺 Russia
Region	MOW
City	Moscow
Timezone	—
Latitude	55.74
Longitude	37.61

🏢 Ownership & Registration

Organization	Mostcom NOC
ASN	AS25227
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	p7mail.ru
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`p7mail.ru`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	13%	1	1
services	18%	2	2
ownership	27%	2	3
reputation	23%	1	3
geolocation	30%	2	3
Overall	23%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:02 UTC
Last Seen	2026-06-23 02:01:41 UTC
Profile Built	2026-06-23 02:10:32 UTC
Data Freshness	Live
Signal Types	23
Total Observations	24

🔍 23 signal types · 24 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

188.92.241.148📋 Copy