192.42.116.52
IP Intelligence Briefing: 192.42.116.52
*Generated via IPDebrief Analysis*
---
**1. Core Profile**
- Risk Score: 70 (High Risk)
- Network Role: Tor Exit Node (classified as "Firewalled / No Services")
- Geolocation: Amsterdam, North Holland, Netherlands (52.13°N, 5.29°E)
- Ownership: AS1101-MNT (ARIN-registered, abuse contact available)
- Threat Indicators: No direct malware, phishing, or spam associations.
---
**2. Network Behavior**
- Subnet: 192.42.116.0/24
- Neighborhood Risk:
- Abuse Density: 50.7% (34/67 IPs flagged as high-risk).
- Top Neighbors:
- 192.42.116.12 (Risk: 80), 192.42.116.13 (Risk: 80), 192.42.116.15 (Risk: 80).
- Subnet Classification: "Clean" but with inherited risk from high-risk neighbors.
---
**3. Threat Observations**
- Historical Signals:
- Minimal risk detected over time (operator score: 0.13).
- 4 DNSBL listings (out of 8 total lists) with high-severity warnings.
- DNS & Services:
- No open ports, TLS certs, or HTTP services detected.
- No email authentication (SPF/DKIM) or domain hosting.
---
**4. Relationships & Context**
- Linked Entities:
- Multiple connections to "TOR-EXIT-AND-MORE" networks.
- No direct organizational or certificate ties.
- Routing:
- BGP prefix: 192.42.116.0/24 (AS1101-MNT).
- Route stability: Unstable (0 route changes in 30 days).
---
**5. Recommendations**
- Immediate Action:
- Block the IP in firewalls (iptables/nftables) due to Tor exit node association and high-risk subnet.
- Monitor related subnets (192.42.116.0/24) for lateral movement.
- Long-Term:
- Investigate neighboring IPs (e.g., 192.42.116.12, 192.42.116.13) for potential botnet or C2 activity.
- Check for DNSBL updates (e.g., Spamhaus, Project Honey Pot).
---
Note: This IP is part of a Tor-exit subnet with elevated risk due to surrounding infrastructure. While no direct malicious activity is observed, its position in a compromised network warrants vigilance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | AS1101-MNT |
| ASN | AS215125 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | 2026-01-13T00:00:00+00:00 |
| Valid Until | 2027-01-02T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 354 days |
| Serial Number | 009827351952445A1E |
| Thumbprint | 3C0C5BF306753F65866AEAA47B601D74EDF8E80A |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 21% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 20% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-22 13:35:37 UTC |
| Last Seen | 2026-06-26 21:06:47 UTC |
| Profile Built | 2026-06-27 10:47:43 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 47 |
Full dossier details are available via our API.