IP Intelligence Briefing: 91.92.242.202
Date: 2026-06-06
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: Unassigned (ASN 202412, OMEGATECH-AS)
- Geolocation: Registered to Netherlands (Amsterdam), but geo-plausibility flags suggest potential misconfiguration or spoofing.
- Threat Indicators: No known malicious activity, spam, or campaigns. Listed on 2/8 DNSBLs (moderate risk).
---
**2. Network & Ownership**
- ASN: 202412 (OMEGATECH-AS, RIPE)
- Subnet: 91.92.242.0/24
- Neighboring IPs:
  - 3 high/medium-risk siblings (abuse density: 25%).
  - Notable neighbor: 91.92.242.55 (risk score 80).
- Network Role: Firewalled with no services detected (no open ports, TLS, or HTTP activity).
---
**3. Historical Observations**
- Recent Activity (last 30 days):
  - 16 observations, including:
    - DNSBL listings (2/8 lists, "high" severity).
    - Geolocation data (Amsterdam, Netherlands).
    - BGP prefix tracking (stable route).
- No persistent malicious behavior or campaign correlations.
---
**4. Relationships & Connections**
- Linked Entities:
  - Same network: OMEGATECH-AS (ASN 202412).
  - No direct hostname, domain, or certificate associations.
- DNS: No PTR records, SPF/DKIM records, or email validation data.
---
**5. Recommended Actions**
- Firewall Blocking Rules:
  - iptables: `iptables -A INPUT -s 91.92.242.202 -j DROP`
  - Cloudflare / AWS WAF: Block IP with description "IPDebrief risk 40."
- Monitoring: Track DNSBL re-listings and monitor neighbors (e.g., 91.92.242.55) for anomalies.
- Investigation: Verify geolocation discrepancies and check if the subnet (91.92.242.0/24) has broader abuse patterns.
---
Conclusion:
The IP exhibits moderate risk due to DNSBL listings but shows no active malicious behavior. While geolocation data is inconsistent, the network appears to be firewalled and inactive. SOC teams should monitor for unexpected traffic and validate DNSBL context.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Abuse Contact |
| ASN | AS202412 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 4 |
| geolocation | 27% | 2 | 3 |
| Overall | 24% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-11 08:59:35 UTC |
| Last Seen | 2026-06-26 09:32:36 UTC |
| Profile Built | 2026-06-26 09:35:36 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |