# IP Intelligence Briefing: 77.90.185.105/32
Classification: Moderate Risk | Date: 2026-06-26
---
## Executive Summary
IP address 77.90.185.105 presents a moderate security risk profile with an overall risk score of 55/100. The address is associated with LimitedNetwork-MNT (ASN 213790) and geolocated to the United Kingdom (GB). The IP shows no active services, no open ports, and is not currently flagged as a known attacker, Tor exit node, or spam source. However, the subnet environment exhibits mixed abuse density, and the IP is listed on multiple DNS blocklists.
---
## Technical Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 55/100 (Moderate) |
| **Provider Score** | 0 |
| **Authority Score** | 0 |
| **Operator Score** | 0.1304 |
| **Geolocation** | GB, Europe/London (±750km accuracy) |
| **ASN** | 213790 |
| **Organization** | LimitedNetwork-MNT |
| **RIR** | RIPE |
| **Network Block** | 77.90.185.0/24 |
| **DNSSEC Status** | Valid |
---
## Threat Indicators
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listings: 3 of 8 total lists
- Campaign Correlations: None detected
- Certificate Matches: 0

The IP does not exhibit persistent malicious behavior: the threat observation count remains at 1.
---
## Network Environment Analysis
### Subnet Characteristics (77.90.185.0/24)
- Total Neighbors: 44
- Abuse Density: 0.114
- Classification: Mixed
- Risk Distribution: High (5), Medium (18), Low (21)
Notable High-Risk Neighbors:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 77.90.185.16 | 80 | 50 |
| 77.90.185.28 | 80 | 50 |
| 77.90.185.37 | 80 | 50 |
| 77.90.185.41 | 80 | 50 |
| 77.90.185.229 | 80 | 50 |
The subnet shows a mixed risk profile with 12 threat-identified siblings, suggesting some level of neighborhood risk correlation that warrants monitoring.
---
## Service & DNS Analysis
- Open Ports: None detected
- HTTP Services: No active HTTP title or server banners
- TLS Certificates: None
- PTR Records: None
- Forward Resolution: None
- Hosted Domains: 0
The IP presents as a firewalled address with no detectable services or DNS records, indicating limited public exposure.
---
## Observation History
Sixteen signal observations recorded between 2026-06-05 and 2026-06-26. Recent observations show:
- 2026-06-26: Operator score assessment (confidence: 0.30)
- 2026-06-05: Neighborhood analysis showing subnet abuse density of 0.4286
- 2026-06-05: Threat indicator scan (confidence: 0.20)
No significant escalation in risk profile observed over the monitoring period.
---
## Relationships
The IP maintains network-level relationships with the LIMITED-NETWORK organization, with fifteen recorded same-network associations. No cross-network or organizational relationships detected.
---
## Recommended Actions
### Immediate Recommendations (High Severity)
- Increase logging verbosity and review recent activity from this IP address due to elevated risk score (55/100)
### Firewall Rules
```bash
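# iptables: append a DROP rule for this source address. Rules are evaluated
# in order, so it only takes effect if no earlier rule already accepts the traffic.
iptables -A INPUT -s 77.90.185.105 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 77.90.185.105 drop
# nginx: configuration directive (not a shell command); place it in an
# http, server, or location block and reload nginx
deny 77.90.185.105;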
```
### Cloud/WAF Rules
- Cloudflare WAF: Block IP address with expression `ip.src eq 77.90.185.105`
- AWS WAF: Add CIDR block `77.90.185.105/32` to rule set
---
## SOC Analyst Notes
The IP address 77.90.185.105 should be treated as a moderate-risk entity requiring monitoring. While not currently exhibiting active malicious behavior, the following contextual factors warrant attention:
1. Subnet Context: The /24 subnet contains multiple high-risk neighbors (5 IPs with risk score 80), indicating potential infrastructure sharing with higher-risk entities.
2. DNSBL Presence: Listed on 3 of 8 DNS blocklists, suggesting prior reputation issues.
3. No Active Services: The IP appears firewalled with no open ports, which may indicate either defensive hardening or egress-only configuration.
4. Monitoring Priority: Medium-high priority for logging and traffic analysis, particularly if the IP begins generating outbound traffic or if services become active.
Recommended Monitoring Duration: 30 days | Escalation Threshold: Risk score > 70 or DNSBL listing increase > 5
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | LimitedNetwork-MNT |
| ASN | AS213790 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown: Insufficient routing data to classify |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | Caddy |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 9 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-10 22:18:00 UTC |
| Last Seen | 2026-06-26 05:49:56 UTC |
| Profile Built | 2026-06-26 06:33:46 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 17 |