IP Intelligence Briefing: 85.11.167.192
Date: 2026-06-18
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership:
  - ASN: 209630 (TechTies Inc., NL)
  - Geolocation: Registered to Netherlands (NL), but geolocation data indicates Sofia, Bulgaria.
  - Network: Subnet `85.11.167.0/24` (mixed abuse density, 27.78% abuse risk).
- Threat Indicators:
  - No malicious indicators, abuse confidence score, or known campaigns.
- DNS: PTR record points to `awake-models.shopanatolia.com` (no further validation possible due to ICMP blocking).
- Services: No open ports, TLS certs, or HTTP services detected.
---
**2. Observation History**
- Last 30 Days:
  - Network Classification: Mixed (11 inherited risk, 5 threat siblings).
  - Geolocation: Validated as plausible (1,651 km from claimed location, 0.2778 abuse density).
  - BGP: Stable route with no recent changes.
---
**3. Network Relationships**
- Subnet: `85.11.167.0/24` (22 sibling IPs, 5 flagged as high risk).
- Associations:
  - Linked to `TechTies-Network` (ASN 209630).
  - DNS association with `awake-models.shopanatolia.com` (no SPF/DKIM records).
---
**4. Neighborhood Analysis**
- Subnet Abuse Density: 4.5% (low overall risk, but 5 high-risk neighbors).
- High-Risk Neighbors:
  - IPs like `85.11.167.30` (80 risk score) and `85.11.167.220` (65 risk score) may indicate compromised hosts.
- Active Siblings: 9/18 IPs in subnet are active, with mixed risk levels.
---
**5. SOC Actionable Insights**
- Monitor: The subnet `85.11.167.0/24` for unusual traffic patterns, especially given the mix of high-risk neighbors.
- Investigate: DNS association with `awake-models.shopanatolia.com`; verify if this domain is linked to malicious activity.
- Verify Geolocation: Discrepancy between registered country (NL) and geolocation (Bulgaria) may indicate misconfiguration or spoofing.
- Isolate: Consider isolating high-risk neighbors (e.g., `85.11.167.30`, `85.11.167.220`) to mitigate potential lateral movement.
---
Conclusion:
The IP is currently low risk, but its subnet contains high-risk neighbors and ambiguous geolocation data. Further investigation into the DNS association and network behavior is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | bg-sofcompany-1-mnt |
| ASN | AS197170 |
| Network Name | TechTies-Network |
| CIDR Block | 85.11.167.0/24 |
| RIR | RIPE |
| Country | NL |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | awake-models.shopanatolia.com |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | awake-models.shopanatolia.com |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 32% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:37 UTC |
| Last Seen | 2026-06-23 23:07:14 UTC |
| Profile Built | 2026-06-23 23:09:47 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |