# IP Intelligence Briefing: 190.171.79.66/32
Classification: High Risk / Recommended Block
Date: Intelligence compilation based on current IPDebrief data
---
## Executive Summary
IP address 190.171.79.66 is classified as High Risk with a risk score of 80/100. The IP is associated with Colombian infrastructure provider ONRED SOLUCIONES DE CONECTIVIDAD S.A.S. (ASN 271792) and has been observed listed on multiple DNS blacklists. Geolocation validation indicates a significant discrepancy between claimed location (Bogotá, Colombia) and network performance metrics, suggesting potential spoofing or misconfiguration.
---
## Risk Assessment
| Metric | Value | Status |
|---|---|---|
| **Risk Score** | 80/100 | **HIGH RISK** |
| **DNSBL Listings** | 4 of 8 lists | Active |
| **Maximum Severity** | High | Critical |
| **Abuse Confidence** | Listed on multiple feeds | Elevated |
### Key Risk Indicators
- Listed on 4 DNS blacklists with maximum severity rated "high"
- Recent blacklist observations (June 2026 timeframe)
- Elevated risk score with no clear benign service purpose
---
## Network & Ownership Profile
| Attribute | Value |
|---|---|
| **Organization** | ONRED SOLUCIONES DE CONECTIVIDAD S.A.S. |
| **ASN** | 271792 |
| **Country** | Colombia (CO) |
| **City** | Bogotá |
| **CIDR Block** | 190.171.76.0/22 |
| **RIR** | LACNIC |
| **Service Purpose** | Firewalled / No Services |
---
## Geolocation Validation Concerns
CRITICAL: the geolocation data is internally inconsistent:
- Claimed location: Bogotá, Colombia (8,961.2 km from the measurement vantage point)
- Observed RTT: 108 ms
- Minimum possible RTT for the claimed distance: 179.2 ms
- GeoPlausible flag: FALSE
The observed round-trip time is below the physical minimum for the claimed distance, so the IP cannot be responding from where its geolocation record places it. This RTT violation indicates one of the following:
- Location spoofing in network routing
- Misreported geolocation data
- Potential infrastructure misconfiguration
---
## Neighborhood Analysis
The /24 subnet (190.171.79.0/24) shows concerning abuse characteristics:
- Abuse Density: 1 (High)
- High-Risk Neighbors: 1 (190.171.79.138 also scored 80/100)
- Subnet Classification: mostly_clean (with inherited risk of 2)
The presence of a neighboring IP with identical risk scoring suggests coordinated or shared infrastructure abuse patterns.
---
## Behavioral Observations
- Network Role: No active services detected (firewalled)
- Mobile Carrier: None
- Proxy/VPN/Tor: Not identified
- Campaign Activity: No known campaign associations
- Observation History: 18 total observations recorded with persistent blacklist activity
---
## Recommended Actions
### Immediate Mitigation
Block at the network perimeter:
```bash
# iptables: drop all inbound traffic from the flagged IP
iptables -A INPUT -s 190.171.79.66 -j DROP
# nftables: equivalent rule (assumes the "inet filter" table and its "input" chain already exist)
nft add rule inet filter input ip saddr 190.171.79.66 drop
```
Cloudflare WAF custom rule (JSON body):
```json
{"description":"Block 190.171.79.66 - IPDebrief risk score 80","action":"block","filter":{"expression":"ip.src eq 190.171.79.66"}}
```
### Enhanced Monitoring
pfSense alias entry (add to the IP alias referenced by your block or logging rule):
```text
190.171.79.66/32
```
AWS WAF IP set fragment:
```json
{"Addresses":["190.171.79.66/32"],"Description":"IPDebrief risk 80"}
```
### Additional Recommendations
- Increase logging verbosity for all traffic from this subnet (190.171.76.0/22)
- Monitor neighboring IP 190.171.79.138 for similar activity patterns
- Review recent connection attempts during active blacklist periods
---
## Intelligence Notes
- No known threat campaigns associated
- No active threat indicators beyond DNSBL listings
- Risk appears tied to general abuse patterns rather than targeted activity
- Geolocation validation failure warrants further investigation into routing anomalies
---
Classification: UNCLASSIFIED
Distribution: SOC Team / Security Operations
Status: Active Threat Indicator
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | ONRED SOLUCIONES DE CONECTIVIDAD S.A.S. |
| ASN | AS271792 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | LACNIC |
| Country | n/a |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Check | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown; insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | n/a |
| HTTP Title | n/a |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 19% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 20% | 9 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |
| Validation checks (pass/fail status not preserved in this export) | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-08 11:10:12 UTC |
| Last Seen | 2026-06-25 05:38:12 UTC |
| Profile Built | 2026-06-25 05:46:16 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |
Full dossier details are available via our API.