IP Intelligence Briefing: 102.129.200.117
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership:
  - ASN: 208949
  - Organization: IPXO Incident Response Team
  - CIDR Block: 102.129.200.0/24
- Geolocation:
  - Country: United States (US)
  - Geo Plausibility: False (RTT inconsistency with distance)
- Threat Indicators:
  - No malicious indicators, abuse confidence, or campaign associations.
  - Not listed in DNSBLs or spam sources.
---
**2. Network Behavior**
- Network Role:
  - Firewalled / No Services (no open ports, TLS, or HTTP activity).
  - Subnet: 102.129.200.0/24 (abuse density: 0.5, classified as "mostly_clean").
- Control Plane:
  - BGP Prefix: 102.129.200.0/24
  - RPKI State: Unknown
  - DNSSEC: Valid
  - CAA Records: Present
  - Route Stability: Unstable (route changes in last 30 days).
---
**3. Observation History**
- Latest Signals:
  - Multi-signal geolocation inferred (confidence: 28%) with 3,750 km accuracy.
  - DNS listings (2/8 total) with "high" severity.
  - Network operator score: 0.2174 (Minimal risk).
- Temporal Trends:
  - No persistent malicious activity (threat observation count: 1).
---
**4. Neighborhood Analysis**
- Subnet: 102.129.200.0/24
- Neighbors:
  - 102.129.200.101: Risk score 50 (same subnet, moderate risk).
- Abuse Density: 0.5 (1/2 siblings flagged).
---
**5. Recommended Actions**
- Firewall Rules:
  - iptables: `iptables -A INPUT -s 102.129.200.117 -j DROP`
  - Cloudflare WAF: Block IP with description "IPDebrief risk 50".
  - AWS WAF: Add `102.129.200.117/32` to IP set.
- Monitoring:
  - Watch for unexpected DNS activity or subnet-wide changes.
  - Validate geolocation consistency (RTT vs. distance).
---
**6. Summary**
The IP 102.129.200.117 is owned by the IPXO Incident Response Team and exhibits moderate risk. While no direct malicious indicators are present, its geolocation inconsistency and subnet abuse density warrant scrutiny. Monitor for anomalous behavior, especially given the unstable BGP route and minimal network operator score. Use the provided firewall rules to block the IP if it becomes a concern.

*Generated by IPDebrief - Threat Intelligence for SOC Teams*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | IPXO Incident Response Team |
| ASN | AS208949 |
| Network Name | 102.129.200.0 - 102.129.200.255 |
| CIDR Block | 102.129.200.0/24 |
| RIR | AFRINIC |
| Country | US |
| Abuse Contact | - |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 22% | 3 | 3 |
| services | 11% | 1 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 21% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 21% | 11 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

**Observation Timeline** (Recent)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:24 UTC |
| Last Seen | 2026-06-26 14:30:44 UTC |
| Profile Built | 2026-06-27 07:11:33 UTC |
| Data Freshness | Recent |
| Signal Types | 23 |
| Total Observations | 24 |