# IP Intelligence Briefing: 85.187.189.103/32
Classification: Moderate Risk

Date: [Current Date]

Source: IPDebrief Intelligence Platform

---
## Executive Summary
IP 85.187.189.103 is a moderately risky host (Risk Score: 40) located in Stara Zagora, Bulgaria, operating under ASN 59466 (IPACCT-MNT). The IP resolves to euroxp.net and presents as a multi-service host with HTTP/HTTPS-alt services. While the IP maintains a "mostly clean" subnet classification, it appears on 2 of 8 DNSBL lists with at least one high-severity listing.

---
## Technical Profile
Ownership & Registration:
- ASN: 59466
- Organization: IPACCT-MNT
- RIR: RIPE (Bulgaria)
- Control Plane BGP Prefix: 85.187.188.0/23
- Operator Score: 0.1304 (Minimal)
Geolocation:
- Country: Bulgaria (BG)
- Region: Stara Zagora
- Coordinates: 42.73°N, 25.49°E
- Geo Confidence: 100% consensus across sources
Network Services:
- Open Ports: TCP/80 (HTTP), TCP/8443 (HTTPS-alt)
- HTTP Status: 302 (Redirect)
- TLS Certificate: CN=tplinkwifi.net (issuer and subject)
- HTTP Version: 1.1
- Time to First Byte (TTFB): ~253-255ms
DNS Records:
- PTR Hostname: 85.187.189.103.euroxp.net
- Forward Resolution: 85.187.189.103.euroxp.net
- SPF Record: Present
- DMARC Record: Absent
- TXT Record Count: 0

---
## Threat Indicators
DNSBL Listings:
- Total Lists: 2 out of 8 queried
- Maximum Severity: High
- Status: Active blacklist presence
Threat Assessment:
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Likelihood: None
- Cert Matches: 0
- Correlated IPs: 0
Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
- Risk Label: Moderate Risk

---
## Historical Analysis
Observation Count: 27 signals observed

Key Historical Signals:
- HTTP responses show consistent 302 redirect behavior with HTTP/1.1
- Operator score observations indicate "Minimal" threat posture
- Recent DNS records reference tplinkwifi.net domain
- Multiple DNSBL listing observations with high severity classifications
Temporal Indicators:
- Ownership Changes: 0 (stable ownership)
- Threat Persistence Days: 0
- Persistently Malicious: False
- Observation Count: 1 distinct threat observation

---
## Relationship Network
Connected Entities: 36 relationships detected
- Primary Network Affiliation: BG-EUROXP (multiple entries)
- Network Type: Same Network relationships dominate
- No external organizational or hostname correlations identified

---
## Neighborhood Analysis
Subnet: 85.187.189.103/24
- Abuse Density: 1 (low)
- Classification: Mostly Clean
- Threat Siblings: 1
- Active Siblings: 1
- Inherited Risk: 2
Peer Risk Distribution:
- High Risk Neighbors: 0
- Medium Risk Neighbors: 0
- Low Risk Neighbors: 0

---
## Recommended Actions
Monitoring Recommendations:
1. DNSBL Monitoring: Continue monitoring the 2 active blacklist listings. Investigate high-severity listing reasons.
2. Service Monitoring: HTTP/HTTPS-alt services on ports 80/8443 should be observed for anomalous traffic patterns.
3. Certificate Analysis: TLS certificate (tplinkwifi.net) warrants continued observation for certificate renewals or changes.
Firewall/Blocking Considerations:
- Risk score of 40 suggests selective blocking may be appropriate depending on security posture
- Not recommended for blanket blocking due to moderate risk classification and "mostly clean" subnet status
- Monitor for escalation in threat indicators or DNSBL additions
Investigation Triggers:
- New DNSBL listings (currently 2/8)
- Certificate changes on tplinkwifi.net
- Service port modifications
- BGP prefix changes (85.187.188.0/23)

---
## Conclusion
IP 85.187.189.103 represents a moderate-risk infrastructure host with established DNSBL presence but stable operational characteristics. The subnet demonstrates low abuse density with minimal threat sibling activity. SOC teams should monitor blacklist status and service behavior, but no immediate blocking is recommended without additional threat context.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | IPACCT-MNT |
| ASN | AS59466 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | RIPE |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence

| Field | Value |
|---|---|
| PTR | 85.187.189.103.euroxp.net |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 85.187.189.103.euroxp.net |
## DNS Hygiene

| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | 1/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown; insufficient routing data to classify |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | Not available |
| 8443 | https-alt | tcp | Not available |

Closed Ports: 22, 25, 443, 3389, 8080 (2 open / 7 scanned)

| Field | Value |
|---|---|
| Server | Not available |
| HTTP Title | Not available |
## TLS Certificate

| Field | Value |
|---|---|
| SANs | tplinkwifi.net |
| Valid From | 2020-01-01T00:00:00+00:00 |
| Valid Until | 2040-12-31T00:00:00+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 7670 days |
| Serial Number | 00C7FD90B6F37F5D77 |
| Thumbprint | 1C29A55FCC0CCEE9BB77AD5A666C041F0BB8BBF3 |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 43% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 27% | 10 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:38 UTC |
| Last Seen | 2026-06-23 23:11:45 UTC |
| Profile Built | 2026-06-23 23:19:57 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 27 |