IP Intelligence Briefing: 91.234.135.125
Date: 2026-06-06
---
**1. IP Profile**
- Risk Score: 70 (High Risk)
- Ownership:
- ASN: 52026 (AS6700-MNT)
- Registry: RIPE (Serbia)
- Abuse Contact: Available via RDAP
- Geolocation:
- Country: Serbia (RS)
- Coordinates: 44.82°N, 20.45°E
- Accuracy: 100% geo-consensus
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP activity)
- Threat Indicators: No malicious indicators, not listed in blacklists, no Tor/VPN/Proxy activity.
---
**2. Observation History**
- Recent Signals (Last 30 Days):
- 11 observations recorded, with minimal operator risk (score: 0.13).
- DNSSEC valid, but 3 DNSBL listings (out of 8 total).
- No persistent threat activity (0 threat observations).
- Trend: Low confidence in signals (0.16โ0.30), suggesting limited visibility or benign activity.
---
**3. Relationships**
- Network Associations:
- Linked to KBCONLINE (same network/subnet).
- BGP prefix: 91.234.132.0/22 (AS6700-MNT).
- Threat Correlation:
- No direct campaign or malware associations.
- No email/DNS authentication (no SPF/DKIM/DMArc records).
---
**4. Neighborhood Analysis**
- Subnet: 91.234.135.0/24
- Abuse Density: 50% (moderate risk).
- Neighbor IPs (Risk Scores):
- 91.234.135.106: 80 (High)
- 91.234.135.219: 80 (High)
- 91.234.135.253: 70 (High)
- 91.234.135.155: 0 (Low)
- Note: Two high-risk neighbors may indicate potential lateral movement or shared infrastructure risks.
---
**5. Actionable Insights**
- Monitor Neighbors: Focus on 91.234.135.106, 91.234.135.219, and 91.234.135.253 for suspicious activity.
- Verify Ownership: Confirm AS6700-MNTโs legitimacy and check for network misconfigurations.
- Enhance DNSSEC: Ensure DNSSEC validation for subnets with DNSBL listings.
- Firewall Rules: Consider blocking or monitoring high-risk neighbors if traffic anomalies are detected.
---
Conclusion: While 91.234.135.125 shows no direct malicious activity, its high-risk neighbors and moderate subnet abuse density warrant closer monitoring. Validate network segmentation and investigate shared infrastructure risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | AS6700-MNT |
| ASN | AS52026 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | โ |
| SSH Version | SSH-2.0-dropbear <?@????x'A??Y???curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-grou |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 1 |
| geolocation | 13% | 1 | 1 |
| Overall | 16% | 7 | 8 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 00:05:10 UTC |
| Last Seen | 2026-06-06 17:15:40 UTC |
| Profile Built | 2026-06-06 17:55:34 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 27 |
Full dossier details are available via our API.