91.92.241.35

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# Threat Intelligence Briefing: 91.92.241.35/32

Date: 2026-06-24

Target: 91.92.241.35

Classification: High Risk

---

## Executive Summary

IP address 91.92.241.35 presents a high-risk threat profile with an overall risk score of 80/100. The address is located in Amsterdam, Netherlands, within ASN 202412 (Abuse Contact). The IP has been listed on 4 out of 8 DNS blacklists and resides in a subnet with 71.4% abuse density. No open services are detected due to firewalling.

---

## Risk Assessment

Primary Risk Indicators:

Risk Score: 80 (High Risk)
Reputation: High Risk
DNSBL Listings: 4 of 8 total lists
Operator Classification: Basic (0.3043 score)

Network Context:

The IP belongs to subnet 91.92.241.0/24, classified as "high_abuse" with 5 threat siblings among 7 total siblings. The neighborhood risk distribution shows 2 high-risk, 4 medium-risk, and 2 low-risk peers.

---

## Technical Profile

Geolocation: Amsterdam, North Holland, Netherlands (NL)

ASN: 202412 (Abuse Contact)

RIR: RIPE

Timezone: Europe/Amsterdam

Network Role: Firewalled / No Services detected

Service Status: No open ports, no TLS certificates, no HTTP services

DNS Configuration:

Forward resolution: Not confirmed
Hosted domains: None
PTR hostnames: None
SPF/DMARC records: Not configured

Route Stability: False (route changes observed)

---

## Threat Indicators

Malicious Activity:

Not classified as known attacker, spam source, or Tor exit node
No active threat feeds or known campaign associations detected
No email reputation scores available

Abuse Signals:

High-severity blacklist listings observed in most recent signal
Subnet abuse density: 0.7143
Inherited risk score from neighborhood: 12

---

## Temporal Analysis

Observation History: 18 total observations recorded

Latest Observation: 2026-06-24

Threat Persistence: No persistent malicious pattern identified

Ownership Changes: 0

Recent signals indicate continued blacklist presence with high-severity categorization. The subnet abuse classification has remained consistent across observations.

---

## Related Infrastructure

Network Relationships: 17 relationships identified, all linked to network entity "OMEGATECH"

Same Subnet Risk: Multiple high-risk neighbors detected:

91.92.241.87 (Risk: 80)
91.92.241.106 (Risk: 80)
91.92.241.254 (Risk: 65)

---

## Recommended Actions

Firewall/Blocking:

Block inbound connections to this IP at network perimeter
Consider blocking entire /24 subnet 91.92.241.0/24 due to high abuse density
Monitor for any service changes if previously blocked

Monitoring:

Alert on any new DNS resolution from this subnet
Watch for pattern changes in traffic from related OMEGATECH network
Track DNSBL listing additions/removals

Intelligence Sharing:

Report to threat intelligence feeds
Share with relevant RIR abuse contacts (RIPE)

---

Analyst Note: This IP demonstrates characteristics of a potentially compromised or malicious endpoint. The high-risk score combined with substantial DNS blacklist presence and subnet-level abuse density warrants proactive defensive measures.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇳🇱 Netherlands
Region	04
City	Sistov
Timezone	Europe/Amsterdam
Latitude	52.13
Longitude	5.29

🏢 Ownership & Registration

Organization	Abuse Contact
ASN	AS202412
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	19%	2	2
services	8%	1	1
ownership	24%	2	3
reputation	22%	1	3
geolocation	19%	2	2
Overall	19%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: BG, NL

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:42 UTC
Last Seen	2026-06-24 01:08:02 UTC
Profile Built	2026-06-24 01:15:43 UTC
Data Freshness	Live
Signal Types	20
Total Observations	21

🔍 20 signal types · 21 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

91.92.241.35📋 Copy