194.190.153.226📋 Copy

# IP Intelligence Briefing: 194.190.153.226/32

Classification: Moderate Risk Infrastructure Address

Date: 2026-06-23

Risk Score: 40/100

---

## Executive Summary

IP address 194.190.153.226 is a Russian infrastructure endpoint operating under ASN 41745 (Fortis Host) with a moderate risk profile. The address maintains a firewalled state with no active services and demonstrates persistent network association with the HIP-HOSTING network infrastructure. Historical analysis reveals 21 signal observations with elevated blacklist presence and route instability characteristics.

---

## Ownership & Geolocation

The IP resolves to the domain ib.systems with forward confirmation status of false. Email authentication records confirm presence of both SPF and DMARC configurations.

---

## Threat Assessment

Risk Indicators:

• Risk Score: 40 (Moderate)
• Blacklist Presence: 2 DNSBL listings out of 8 total lists scanned
• Abuse Confidence: Elevated signal activity detected
• Threat Persistence: Single threat observation recorded
• Known Campaigns: None identified
• Tor/Proxy: Not classified as Tor exit node, proxy, or CDN

Historical Analysis:

• Observation Count: 21 signals over monitoring period
• Recent Activity: High-severity blacklist listings observed on 2026-06-23
• Subnet Context: Parent /24 subnet shows abuse density rating of 1 with "mostly_clean" classification
• Route Stability: Flagged as unstable (isRouteStable: false)
• Threat Siblings: 1 related threat IP identified in neighborhood analysis

---

## Network Context

Neighborhood Assessment (194.190.153.0/24):

• Total Siblings: 1 active sibling IP
• Threat Siblings: 1
• Abuse Density: 1 (elevated relative to baseline)
• Inherited Risk: 2

Relationship Graph:

• Total Relationships: 63 entities
• Primary Association: HIP-HOSTING network infrastructure (58+ related network entries)
• Network Classification: Consistent association with hosting infrastructure

---

## Technical Profile

Services:

• Open Ports: None detected
• Connection Type: Firewalled / No services accessible
• TLS/Certificates: None detected
• Banner Information: None available

Control Plane:

• Origin ASN: AS41745
• BGP Prefix: 194.190.153.0/24
• RPKI State: Not reported
• IRR Consistency: Not reported
• Route Changes (30d): 0
• DNSSEC Valid: Yes

---

## Recommended Security Actions

Immediate Mitigation: Block traffic from this source.

Implementation Notes: These rules are probabilistic and should be combined with other intelligence signals before deployment in production environments.

---

## Intelligence Narrative

This IP address represents a stable but flagged infrastructure endpoint in Russian hosting space. The moderate risk score (40) reflects multiple negative signals including blacklist presence and route instability. The address maintains persistent association with the HIP-HOSTING network and Fortis Host organization, suggesting institutional-level hosting rather than opportunistic abuse.

Historical data indicates 21 observations with the most recent showing high-severity blacklist activity. While the parent /24 subnet is classified as "mostly_clean" with only 1 threat sibling, the individual IP demonstrates elevated risk through DNSBL listings and route stability issues.

The absence of open services indicates this may be an administrative or reserved address, or one under active hardening. However, the blacklist presence and route instability warrant defensive blocking. No direct campaign correlation or known attacker classification has been established.

Recommended Action: Implement blocking at perimeter firewall and WAF layers. Monitor for changes in service status or risk score evolution. Review related HIP-HOSTING infrastructure for potential lateral threat indicators.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.