193.46.192.20
# IP Intelligence Briefing: 193.46.192.20
## Executive Summary
The IP address 193.46.192.20 presents a high-risk profile (risk score: 80) with elevated abuse indicators. While the IP's immediate /24 neighborhood shows no adjacent threats, the address itself demonstrates persistent DNSBL listings and associations with a Spanish network infrastructure.
## Ownership and Registration
- Organization: Antonio Carrasco Gomez
- ASN: 205624
- Country: Spain (ES), Andalusia, Seville
- RIR: RIPE
- BGP Prefix: 193.46.192.0/22
- Network Classification: Single-Service Host
## Threat Assessment
Risk Score: 80 (High Risk)
- DNSBL Status: Listed on 7 of 8 monitored DNSBLs
- Known Campaigns: None identified
- Threat Classification: Not categorized as Tor exit, proxy, CDN, or known attacker
- Abuse Confidence: High based on DNSBL prevalence
Temporal Analysis: Recent observations from 2026-06-23 show persistent DNSBL listings with high severity ratings. The operator score remains at 0.1304 (minimal), indicating the threat originates from the IP/host rather than the upstream provider.
## Network Environment
- Subnet: 193.46.192.0/24
- Abuse Density: 0.0 (clean)
- Threat Siblings: 0 active threats in /24
- Related Networks: 23 relationships identified to ES-TELECOANDALUZAS-20180716 (Teleco Andalusia infrastructure)
The IP's /24 subnet demonstrates no inherited risk from adjacent addresses, isolating the threat to this specific address.
## Service Analysis
- Active Ports: TCP/80 (HTTP)
- HTTP Version: 1.1
- Response Time: 294ms
- Security Headers: X-Frame-Options: SAMEORIGIN present
- Fingerprint: Body hash a8e8e020659e33e4
## Recommended Actions
Based on the high-risk profile and persistent DNSBL listings:
1. Block at perimeter firewall or WAF for inbound traffic
2. Monitor outbound connections to this IP for potential C2 activity
3. Review logs for any outbound connections to 193.46.192.20
4. Add to threat intelligence feed for automated blocking
5. Escalate if internal systems attempt connections to this IP
## Conclusion
This IP warrants defensive blocking due to high DNSBL prevalence and elevated risk score, despite its clean neighborhood profile. The lack of campaign correlation suggests opportunistic abuse rather than coordinated attack infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Antonio Carrasco Gomez |
| ASN | AS205624 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:04 UTC |
| Last Seen | 2026-06-26 18:11:00 UTC |
| Profile Built | 2026-06-24 12:54:25 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |
Full dossier details are available via our API.