92.119.164.131
Threat Intelligence Briefing for IP 92.119.164.131
Date: 2026-06-13
---
**1. IP Profile**
- Risk Score: 25 (Low Risk)
- Ownership: Registered to LAIN (RIPE network), ASN 211507.
- Geolocation: Ismaning, Germany (NL country code noted, likely a data error).
- Network Role: Identified as a Tor Exit Node, suggesting potential use for anonymized traffic.
- Services:
- Open SSH (port 22) with banner: `SSH-2.0-OpenSSH_10.0p2 Debian-7+deb13u4`.
- No TLS/HTTP services detected.
- Threat Indicators: No malicious indicators, blacklists, or campaigns linked.
---
**2. Observation History**
- Recent Activity:
- Subnet abuse density: 0.5 (moderate risk in the /24 network).
- Detected as a Tor Exit Node with 15 pulse alerts (e.g., "malware," "phishing").
- SSH service scanned with no immediate threats.
- Stability: No persistent malicious activity; ownership unchanged.
---
**3. Relationships**
- Network Associations:
- Linked to LAIN (same network).
- DNS association with lain.92.119.164.131.aluy.net (potential hostname).
- No direct ties to known malicious entities (e.g., C2 servers, botnets).
---
**4. Neighborhood Analysis**
- Subnet: 92.119.164.0/24.
- Neighbor Risk: One high-risk neighbor (92.119.164.208, score 66).
- Abuse Density: 0% (mostly clean).
---
**5. Recommendations**
- Monitor SSH Traffic: Given the open SSH service, inspect for unusual login attempts or data exfiltration.
- Investigate Tor Exit Node: Analyze traffic patterns to detect covert communications or command-and-control activity.
- Watch Neighboring IPs: The high-risk neighbor (92.119.164.208) may indicate a compromised subnet.
- Verify Geolocation Anomalies: Confirm the "NL" country code discrepancy, as the IP is registered in Germany.
Conclusion: This IP is low risk but warrants monitoring due to its Tor exit node status and a high-risk neighbor. No immediate action required, but maintain vigilance for network anomalies.
---
*Generated via IPDebrief intelligence tools.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | LAIN |
| ASN | AS211507 |
| Network Name | LAIN |
| CIDR Block | 92.119.164.0/24 |
| RIR | RIPE |
| Country | NL |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | lain.92.119.164.131.aluy.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | lain.92.119.164.131.aluy.net |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_10.0p2 Debian-7+deb13u4 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 19% | 2 | 2 |
| ownership | 40% | 3 | 6 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 28% | 12 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-06-06 22:52:02 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 17:40:47 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 56 |
Full dossier details are available via our API.