91.226.115.52
IP Threat Intelligence Briefing: 91.226.115.52/32
*Generated from IPDebrief analysis*
---
**1. Core Profile**
- Risk Score: 55 (Moderate Risk)
- Ownership:
- ASN: 57248
- Organization: CDSL-MNT (Slovakian ISP)
- Geolocation: Slovakia (SK), Nové Zamky, Nitra Region (47.98°N, 18.17°E)
- Threat Indicators:
- No detected malicious activity, spam, or known attacker associations.
- Residential Endpoint: Likely a home broadband connection.
- Network Role:
- Residential infrastructure with no cloud, CDN, or mobile carrier flags.
---
**2. Observation History**
- Recent Activity:
- Last observed on 2026-06-06 with moderate confidence (0.60).
- Historical data shows no persistent malicious behavior (threat persistence days = 0).
- DNS & Services:
- No open ports, TLS certificates, or HTTP server banners detected.
- DNSSEC and CAA records are valid but show some DNSBL (blacklist) listings.
---
**3. Network Relationships**
- Key Associations:
- Linked to wispernet (CDSL-MNT subnet: 91.226.112.0/22).
- DNS queries timed out for internal hosts (192.168.2.108), suggesting potential misconfiguration.
- Subnet Context:
- 91.226.115.52/24 subnet has moderate abuse density (0.6364).
- 7/11 sibling IPs show risk scores β₯ 55, with 2 high-risk peers (score 80).
---
**4. Subnet Analysis**
- Neighbor Risk Distribution:
- High Risk: 2 IPs (e.g., 91.226.115.63, 91.226.115.123)
- Medium Risk: 8 IPs
- Low Risk: 1 IP
- Subnet Abuse Density: 63.64% (high abuse classification).
- Recommendation: Monitor high-risk neighbors for lateral movement or shared infrastructure compromises.
---
**5. Threat & Mitigation Summary**
- No Direct Threat: No indicators of compromise (IOC) or malicious campaigns.
- DNS & Network Risks:
- DNS misconfigurations may impact network reliability.
- Subnet abuse density suggests potential for peer-based threats.
- Action Plan:
- Block high-risk subnet peers (e.g., 91.226.115.63) using firewall rules.
- Validate DNS configurations to resolve timeout issues.
- Monitor for changes in subnet abuse density or new threat indicators.
---
*Generated by IPDebrief | Last Updated: 2026-06-06*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | CDSL-MNT |
| ASN | AS57248 |
| Network Name | β |
| CIDR Block | 91.226.112.0/22 |
| RIR | RIPE |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 19% | 8 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-12 15:48:47 UTC |
| Last Seen | 2026-06-26 08:24:12 UTC |
| Profile Built | 2026-06-24 13:45:40 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |
Full dossier details are available via our API.