## INTELLIGENCE BRIEFING: 24.19.160.116/32
Classification: Moderate Risk | Risk Score: 40/100
Date of Analysis: 2026-06-18
OWNERSHIP & NETWORK ATTRIBUTES
The IP address 24.19.160.116 belongs to Comcast Cable Communications (ASN 7922), registered under the WASHINGTON-9 network block (24.16.0.0/14). Geolocation data places the origin in Bellevue, Washington, US. The IP resolves to Comcast's standard residential subscriber hostname pattern (c-24-19-160-116.hsd1.wa.comcast.net).
THREAT POSTURE
The IP presents a moderate risk profile (score: 40) with the following characteristics:
- DNSBL Status: Listed on 2 of 8 monitored DNSBLs
- Known Campaigns: None identified
- Tor Exit/Proxy/VPN: Negative indicators
- Spam Source: Not flagged
- Known Attacker: Not flagged
- Abuse Confidence Score: Not available
The control plane indicates route instability (isRouteStable: false) and operator classification of "Basic" (score: 0.2609).
NEIGHBORHOOD CONTEXT
The /24 subnet (24.19.160.0/24) shows mixed characteristics:
- Abuse Density: 1
- Subnet Classification: mostly_clean
- Inherited Risk: 2
- Threat Siblings: 1
- Active Siblings: 1
This suggests limited but present malicious activity within the subnet.
OBSERVATION HISTORY
Eighteen observations recorded over the analysis period. Key temporal findings:
- Threat Persistence Days: 0
- Ownership Changes: 0
- Observation Count: 1
- Persistently Malicious: False
Recent signals (within hours of analysis) indicate stable network ownership with no persistent malicious behavior detected.
NETWORK SERVICES
- Open Ports: None detected
- TLS Certificate: Not present
- HTTP Services: None detected
- Classification: Firewalled / No Services
RECOMMENDED SECURITY ACTIONS
Based on the DNSBL listing and moderate risk score, the following blocking rules are recommended:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 24.19.160.116 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 24.19.160.116 drop` |
| nginx | `deny 24.19.160.116;` |
| pfSense | `24.19.160.116/32` |
| Cloudflare WAF | Block IP with expression: `ip.src eq 24.19.160.116` |
| AWS WAF | Add address `24.19.160.116/32` to IPSet |
ANALYST NOTES
While the IP shows DNSBL listing activity, the absence of known campaigns, known attacker flags, and persistent malicious behavior suggests this may represent opportunistic or low-level abuse rather than coordinated threat activity. The residential Comcast infrastructure classification indicates this is likely a subscriber IP rather than infrastructure hosting. Monitor for correlation with known threat indicators and consider blocking pending further investigation of the DNSBL listing context.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Comcast Cable Communications |
| ASN | AS7922 |
| Network Name | WASHINGTON-9 |
| CIDR Block | 24.16.0.0/14 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | β |
π DNS Intelligence
| PTR | c-24-19-160-116.hsd1.wa.comcast.net |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | c-24-19-160-116.hsd1.wa.comcast.net |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 21% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:14 UTC |
| Last Seen | 2026-06-23 09:27:41 UTC |
| Profile Built | 2026-06-23 09:44:43 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |
Full dossier details are available via our API.