# IP Intelligence Briefing: 45.82.110.150/32
## Executive Summary
This IP address presents a HIGH RISK profile (Risk Score: 80) despite operating on a subnet with clean classification. The address is associated with Finnish infrastructure but exhibits characteristics of compromised hosting with active blacklist presence.
## Infrastructure Profile
- Owner/Provider: fi-pyhanet-1-mnt (ASN: 57359)
- Geolocation: Haapajärvi, North Ostrobothnia, Finland (FI)
- Service Type: Web Server (HTTP/HTTPS)
- Network Role: Infrastructure hosting with SSH access enabled
- BGP Prefix: 45.82.108.0/22 (not route stable)
## Threat Indicators
- Blacklist Status: Listed on 6 of 8 monitored DNSBLs (high severity)
- Risk Score: 80/100 (High Risk)
- Control Plane: Operator score 0.1304 (Minimal)
- No Tor Exit Node: Confirmed
- No Known Campaign Correlation: No active threat campaigns detected
## Service Exposure
- Open Ports: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Server Software: nginx/1.19.6
- SSH Version: SSH-2.0-dropbear with curve25519-sha256 key exchange
- TLS Certificate: Issued by iopsys Software Solutions AB (Stockholm, SE)
- HTTP Fingerprint: nginx/1.19.6 confirmed via HTTP headers
## Observation History
- Total Signals: 18 observations recorded
- Recent Activity: Multiple blacklist listings observed (June 22-25, 2026) with high severity ratings
- TLS Certificate: Valid certificate issued by Swedish entity
- HTTP Response: Status 200, response time ~757ms
## Network Neighborhood Analysis
- Subnet Classification: 45.82.110.150/24 marked as "clean"
- Abuse Density: 0.0
- Sibling IPs: 1 total sibling, 0 active, 0 threat siblings
- Risk Distribution: No high/medium/low risk siblings identified
## Relationship Network
- Network Associations: 20 relationships to Pyhanet-154-2 network
- Organization Links: Primary association with Pyhanet infrastructure
## Recommended Actions
1. Block SSH Access: Consider blocking port 22 at perimeter firewall due to high risk
2. Monitor HTTPS Traffic: Investigate HTTPS traffic patterns for data exfiltration
3. DNSBL Validation: Review specific blacklist listings to understand reputation impact
4. Geographic Filtering: Consider filtering traffic from Finland if not business-critical
5. TLS Inspection: Analyze TLS certificate usage and associated domains
## Intelligence Narrative
IP 45.82.110.150 demonstrates a high-risk profile despite clean subnet classification. The combination of active DNSBL listings (6/8), high severity ratings, and exposed SSH services suggests potential compromise or malicious hosting activity. While the physical infrastructure is associated with Finnish ISP Pyhanet, the TLS certificate origin (Swedish iopsys Software Solutions AB) indicates potential hosting misconfiguration or shared infrastructure. The non-stable BGP routing state and recent high-severity blacklist additions warrant immediate defensive consideration.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | fi-pyhanet-1-mnt |
| ASN | AS57359 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.19.6 |
| HTTP Title | - |
| SSH Version | SSH-2.0-dropbear; key exchange list as captured (cut off): curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-gro |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2018-06-01T08:39:20+00:00 |
| Valid Until | 2028-05-29T08:39:20+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 00E943120F1F947C3E |
| Thumbprint | EBF6814E63BA7DED43709A92152F54595BD5F66F |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 20% | 1 | 2 |
| geolocation | 23% | 2 | 2 |
| Overall | 22% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (68%), 2 contradiction(s) |
| Attribution | Low (35%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
- TLS certificate claims SE but primary geo says FI
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-08 05:02:19 UTC |
| Last Seen | 2026-06-26 18:11:21 UTC |
| Profile Built | 2026-06-26 08:50:20 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |