IP Intelligence Briefing: 91.246.208.119
Date: 2026-06-11
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Registered to AIR-NET-MNT (UK-based, RIPE) under ASN 198133.
- Geolocation: London, UK (geoPlausible: false; inconsistent coordinates).
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP services).
- Threat Indicators:
  - Listed in 4 DNSBLs (abuse confidence score: unknown).
  - No direct malware, phishing, or campaign associations.
---
**2. Observation History**
- Recent Activity:
  - DNSBL Listings: Detected in 8 lists (confidence: 0.85).
  - Operator Score: Minimal risk (0.13), but the route is unstable.
  - Geolocation Shifts: Confirmed as London (2026-06-03) but flagged as implausible.
- Persistence: No threat persistence or ownership changes detected.
---
**3. Network Relationships**
- Shared Network: Linked to AIR-NET (same ASN, /21 subnet).
- Neighbors:
  - 4 IPs in 91.246.208.0/24 (abuse density: 0).
  - High-risk neighbor: 91.246.208.125 (70 risk score).
---
**4. Threat Context**
- No Direct Malicious Indicators: No malware, phishing, or campaign ties.
- DNSBL Risk: Potential spam or abuse activity (4 DNSBL listings).
- Network Stability: BGP route instability and low operator score suggest possible misconfiguration or spoofing.
---
**5. Recommended Actions**
1. Monitor DNSBL Status: Investigate why the IP is listed in 4 DNSBLs (e.g., spam, botnets).
2. Check Network Segmentation: Confirm firewalled status and isolate high-risk neighbors (e.g., 91.246.208.125).
3. Validate Geolocation: Cross-check with passive DNS or geolocation tools due to conflicting data.
4. Review BGP Security: Assess route stability and consider RPKI validation for ASN 198133.
---
Conclusion: This IP exhibits high risk due to DNSBL listings and unstable network attributes, but lacks direct malicious indicators. Prioritize monitoring for behavioral changes and validate network segmentation to mitigate potential abuse.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | AIR-NET-MNT |
| ASN | AS198133 |
| Network Name | AIR-NET |
| CIDR Block | 91.246.208.0/21 |
| RIR | RIPE |
| Country | PL |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 13% | 6 | 7 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-27 13:18:14 UTC |
| Last Seen | 2026-06-11 10:56:26 UTC |
| Profile Built | 2026-06-11 11:06:05 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |