IP Intelligence Briefing: 205.185.113.92
Date: 2026-06-12
---
**1. Profile Summary**
- Risk Score: 55/100 (Moderate Risk)
- Ownership: FranTech Solutions (ASN 53667, PONYNET-03)
- Geolocation: Chicago, IL, US (ARIN-registered; geolocation confidence is only 19%, see the Confidence Breakdown)
- Network Role: Colocation Hosting (BuyVM)
- Threat Indicators: No direct malicious activity detected; the DNSBL listings and OTX flag noted below are reputation signals, not observed attacks.
---
**2. Observation History**
- Recent Activity:
- AlienVault OTX associates the IP with Las Vegas and sets the `has_threats` flag (this disagrees with the Chicago geolocation above; the two sources do not agree).
- Listed in 3 of 8 DNSBLs queried (the listings are classed as high severity).
- DNS records associate the IP with `you2php.com` (no HTTPS enforcement reported for the domain; the host itself answered on none of the scanned ports).
- Stability: Route stability is questionable (BGP instability reported by a single source; routing confidence is only 13%).
---
**3. Relationships**
- Network: Same /24 as 205.185.113.8, 205.185.113.112 and 205.185.113.180 (risk scores 59 to 60).
- DNS: PTR record `bv-us.you2php.com`; forward-confirmed reverse DNS could not be verified (the name does not resolve back to this IP).
- Hosting: Linked to `you2php.com` (SPF and DMARC records present, per the DNS Hygiene table; no TLS enforcement).
---
**4. Neighborhood Analysis**
- Subnet: 205.185.113.0/24
- Abuse Density: Low (0 of 3 sampled neighbors rated high-risk; all three are moderate).
- Neighbors:
- 205.185.113.8 (59/100 risk), 205.185.113.112 (59/100 risk), 205.185.113.180 (60/100 risk).
---
**5. Recommended Actions**
1. Monitor: Track connections from this IP, given its hosting role and DNSBL listings; a single-host block is trivially evaded by moving to a neighboring address in the same /24, so watch the subnet as well.
2. Block: Consider blocking the IP via firewall rules (see section 6).
3. Verify: Contact FranTech Solutions' abuse desk (contact available via RDAP) and investigate `you2php.com` for phishing or C2 use.
4. Log Analysis: Search your own logs for traffic from this IP and its /24 neighbors, looking for anomalous patterns or unauthorized access attempts.
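One way to carry out action 4 against your own logs, as an added example that is not part of this briefing or of any tool it references: the script below parses a few constructed OpenSSH auth-log lines (sample data, not real observations), classifies each source as the watched IP, one of the flagged neighbors, another host in 205.185.113.0/24, or unrelated, and reports failed-password counts plus any accepted logins from the neighborhood. The log lines, hostnames, usernames, ports and the triage rule in `verdict` are all assumptions.

```python
"""Scan OpenSSH auth-log lines for activity from a watched IP and its /24.

Added example with constructed log lines; nothing here is a real observation.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List

WATCHED_IP = ipaddress.ip_address("205.185.113.92")
WATCHED_NET = ipaddress.ip_network("205.185.113.0/24")
# Neighbours the briefing rates at 59-60.
FLAGGED_NEIGHBOURS = {ipaddress.ip_address(a)
                      for a in ("205.185.113.8", "205.185.113.112", "205.185.113.180")}

# Constructed sample (syslog + sshd format); hostnames, users and ports are made up.
SAMPLE_LOG = """\
Jun 12 03:14:01 bastion sshd[4121]: Failed password for invalid user admin from 205.185.113.92 port 51234 ssh2
Jun 12 03:14:04 bastion sshd[4121]: Failed password for invalid user admin from 205.185.113.92 port 51236 ssh2
Jun 12 03:14:09 bastion sshd[4130]: Failed password for root from 205.185.113.92 port 51240 ssh2
Jun 12 03:20:45 bastion sshd[4200]: Accepted publickey for deploy from 205.185.113.8 port 44010 ssh2
Jun 12 03:21:02 bastion sshd[4215]: Failed password for invalid user test from 198.51.100.7 port 60001 ssh2
Jun 12 03:25:00 bastion sshd[4300]: Connection closed by 205.185.113.180 port 39000 [preauth]
Jun 12 03:26:30 bastion sshd[4310]: Connection closed by 205.185.113.44 port 39100 [preauth]
"""

# Matches the three sshd message shapes used above; "from" for auth events,
# "by" for pre-auth disconnects.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<event>Failed password|Accepted \w+|Connection closed) "
    r".*?\b(?:from|by) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse(lines: Iterable[str]) -> List[dict]:
    """Extract (event, source ip, port) from sshd lines; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            events.append({"event": m["event"], "ip": ipaddress.ip_address(m["ip"]),
                           "port": int(m["port"]), "raw": line.rstrip()})
    return events


def classify(ip: ipaddress.IPv4Address) -> str:
    """Most specific match wins: watched > flagged-neighbour > same-subnet > other."""
    if ip == WATCHED_IP:
        return "watched"
    if ip in FLAGGED_NEIGHBOURS:
        return "flagged-neighbour"
    if ip in WATCHED_NET:
        return "same-subnet"
    return "other"


def analyse(lines: Iterable[str]) -> Dict[str, object]:
    """Count activity from the neighbourhood and pull out successful logins,
    which matter far more than noisy failed guesses."""
    failed: Counter = Counter()
    touches: Counter = Counter()
    accepted: List[str] = []
    for ev in parse(lines):
        scope = classify(ev["ip"])
        if scope == "other":
            continue
        key = f"{ev['ip']} ({scope})"
        touches[key] += 1
        if ev["event"] == "Failed password":
            failed[key] += 1
        elif ev["event"].startswith("Accepted"):
            accepted.append(ev["raw"])
    return {"failed": failed, "touches": touches, "accepted": accepted}


def verdict(findings: Dict[str, object], brute_threshold: int = 3) -> str:
    """Assumed triage rule: any accepted login from the neighbourhood is high;
    repeated failures from anywhere in the neighbourhood are medium."""
    if findings["accepted"]:
        return "high"
    if any(n >= brute_threshold for n in findings["failed"].values()):
        return "medium"
    return "low" if findings["touches"] else "none"


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG.splitlines())
    print(verdict(found), found)
```

Feed it `journalctl -u ssh --no-pager` output or `/var/log/auth.log` lines instead of `SAMPLE_LOG` for real use; the regex only covers the sshd message shapes shown, so extend it for other daemons.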
---
**6. Firewall Rules**
```bash
# iptables: appends to INPUT; if an earlier rule already ACCEPTs this traffic,
# insert at the top instead (iptables -I INPUT 1 -s 205.185.113.92 -j DROP)
iptables -A INPUT -s 205.185.113.92 -j DROP
# nftables: assumes a table "inet filter" with a base chain "input" already exists
nft add rule inet filter input ip saddr 205.185.113.92 drop
```
Cloudflare firewall rule (API request body fragment):
```json
{"action":"block","filter":{"expression":"ip.src eq 205.185.113.92"}}
```
AWS WAF IP set entry (request fragment):
```json
{"Addresses":["205.185.113.92/32"],"Description":"IPDebrief risk 55"}
```
These rules cover the single host only; the flagged /24 neighbors need their own entries.
---
Next Steps: Prioritize monitoring and blocking based on risk score and DNSBL associations. Investigate linked domains for potential phishing or C2 infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | FranTech Solutions |
| ASN | AS53667 |
| Network Name | PONYNET-03 |
| CIDR Block | 205.185.112.0/20 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR | bv-us.you2php.com |
| Forward Confirmed | No: the PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | bv-us.you2php.com |
**DNS Hygiene**
| Check | Result |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
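The FCrDNS and DNSBL results reported above come from plain DNS lookups that are easy to reproduce. The following added example (not the briefing's own code, nor that of any tool it names) implements both checks with an injectable resolver so it runs offline: the constructed answers mirror the dossier (PTR `bv-us.you2php.com`, forward lookup not returning 205.185.113.92; 192.0.2.10 is an RFC 5737 TEST-NET placeholder, not an observed address), and `bl1.example` / `bl2.example` are placeholder DNSBL zones, not real blocklists. For live use, replace `sample_resolver` with a function backed by a real resolver such as dnspython.

```python
"""FCrDNS and DNSBL checks with an injectable resolver (runs offline).

Added example; the resolver answers below are constructed, not observed.
"""
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# resolve(name, rrtype) -> list of answer strings ([] on NXDOMAIN/NODATA)
Resolver = Callable[[str, str], List[str]]

# Constructed answers modelled on the dossier: the PTR of 205.185.113.92 is
# bv-us.you2php.com, but that name does not resolve back to 205.185.113.92
# (192.0.2.10 is an RFC 5737 TEST-NET placeholder). bl1/bl2.example are
# placeholder DNSBL zones; bl1 lists the address, bl2 does not.
SAMPLE_ANSWERS: Dict[Tuple[str, str], List[str]] = {
    ("92.113.185.205.in-addr.arpa", "PTR"): ["bv-us.you2php.com."],
    ("bv-us.you2php.com", "A"): ["192.0.2.10"],
    ("92.113.185.205.bl1.example", "A"): ["127.0.0.2"],
}


def sample_resolver(name: str, rrtype: str) -> List[str]:
    """Offline stand-in for a real resolver; unknown names behave like NXDOMAIN."""
    return SAMPLE_ANSWERS.get((name.rstrip(".").lower(), rrtype), [])


def fcrdns(ip: str, resolve: Resolver = sample_resolver) -> dict:
    """Forward-confirmed reverse DNS: every PTR name must own an address
    record pointing back at ip. An IP with no PTR at all is not verified."""
    addr = ipaddress.ip_address(ip)
    rrtype = "A" if addr.version == 4 else "AAAA"
    ptr_names = [n.rstrip(".").lower() for n in resolve(addr.reverse_pointer, "PTR")]
    confirmed = [n for n in ptr_names
                 if any(ipaddress.ip_address(a) == addr for a in resolve(n, rrtype))]
    return {"ptr": ptr_names, "confirmed": confirmed,
            "verified": bool(ptr_names) and len(confirmed) == len(ptr_names)}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the octets and append the zone: 205.185.113.92 queried against
    zen.spamhaus.org becomes 92.113.185.205.zen.spamhaus.org."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example builds IPv4 DNSBL names only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.rstrip(".")


def dnsbl_check(ip: str, zones: List[str],
                resolve: Resolver = sample_resolver) -> Dict[str, Optional[str]]:
    """Return {zone: return code or None}. A genuine listing answers inside
    127.0.0.0/8; any other answer is treated as a broken or hijacked zone
    and ignored rather than counted as a listing."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    result: Dict[str, Optional[str]] = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone), "A")
        codes = [a for a in answers if ipaddress.ip_address(a) in loopback]
        result[zone] = codes[0] if codes else None
    return result


def reputation_summary(ip: str, zones: List[str],
                       resolve: Resolver = sample_resolver) -> dict:
    """Combine both checks into the kind of summary the briefing reports."""
    f = fcrdns(ip, resolve)
    bl = dnsbl_check(ip, zones, resolve)
    return {"ip": ip, "ptr": f["ptr"], "fcrdns_verified": f["verified"],
            "dnsbl_listed": [z for z, code in bl.items() if code],
            "dnsbl_queried": len(zones)}


if __name__ == "__main__":
    print(reputation_summary("205.185.113.92", ["bl1.example", "bl2.example"]))
```

Two caveats when running this for real: a failed FCrDNS check is a weak signal on its own (many hosting providers assign generic PTRs that never confirm), and several public DNSBLs return special codes in 127.255.255.0/24 to signal query errors such as an over-quota or public resolver; treat those as "unknown", not "listed".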
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
**Services & Open Ports**
| Field | Value |
|---|---|
| Open Ports | None detected (no service, protocol or banner collected) |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | not observed |
| HTTP Title | not observed |
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | not observed |
| Valid Until | not observed |
No certificate was collected because no TLS service answered (port 443 was closed in the scan above).
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 25% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (individual pass/fail results not captured) |
**Observation Timeline** (live)
| Field | Value |
|---|---|
| First Seen | 2026-06-03 12:21:39 UTC |
| Last Seen | 2026-06-21 10:19:38 UTC |
| Profile Built | 2026-06-21 10:31:08 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 27 |
Full dossier details are available via our API.