102.64.36.189

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 102.64.36.189/32

Classification: Moderate Risk

Generated: June 2026

## Executive Summary

IP address 102.64.36.189 is classified as a moderate risk endpoint (Risk Score: 40/100) located in Vanderbijlpark, Gauteng Province, South Africa. The IP is associated with Jacobus De Beer (ASN 327991) within the 102.64.36.0/24 block. No active threat indicators were detected, though the subnet exhibits mixed classification with elevated neighborhood abuse density.

## Ownership & Registration

Attribute	Value
Organization	Jacobus De Beer
ASN	327991
CIDR Block	102.64.36.0/24
RIR	AFRINIC
Registration	Not available

## Geolocation & Network Context

Attribute	Value
Country	South Africa (ZA)
Region	Gauteng
City	Vanderbijlpark
Timezone	Africa/Johannesburg
Validation	ICMP blocked - unable to validate
Geo Consensus	True (1 source)

## Service & Port Analysis

Open Ports: None detected
Service Purpose: Firewalled / No Services
HTTPS/TLS: No certificates detected
DNS Records: Single PTR hostname (ms-36-189.megasurf.co.za)

## Threat Intelligence Findings

Indicator	Status
Known Attacker	No
Spam Source	No
Tor Exit Node	No
Blacklist Hits	0
Abuse Confidence Score	Not applicable
Known Campaigns	None

## DNS & Reputation

Forward Resolution: 1 hostname (ms-36-189.megasurf.co.za)
Email Authentication: SPF record present, DMARC record present
DNSBL Listings: 2 of 8 total lists
Reputation Sources: None active

## Neighborhood Analysis (102.64.36.0/24)

Metric	Value
Total Siblings	66
Active Siblings	20
Threat Siblings	14
Abuse Density	0.2121
Classification	Mixed
Inherited Risk	8

High-Risk Neighbors Identified:

102.64.36.8 (Risk Score: 55)
102.64.36.6, 102.64.36.10, 102.64.36.12, 102.64.36.17 (Risk Score: 40)

## Historical Observations

Total Signals: 28 observations

Recent Activity: June 2026

Date	Activity Type	Confidence
2026-06-22	Network scan	0.30
2026-06-22	Subnet analysis	0.75
2026-06-17	Service scan	0.70
2026-06-17	Ownership verification	0.85

## Control Plane & Routing

Metric	Value
Route Stability	Not stable
BGP Prefix	102.64.32.0/21
RPKI State	Unknown
IRR Consistency	Match
DNSSEC	Valid
Hop Count	30

## Recommended Actions

1. Monitor: Continue monitoring for new threat indicators given moderate risk score and subnet abuse density

2. Block: Consider blocking if traffic patterns indicate malicious activity (no current threat indicators)

3. Investigate: Investigate 14 threat siblings within the same /24 subnet for potential lateral movement

4. Review: Review DNSBL listings for potential reputation impact

---

Analyst Notes: This IP represents a residential or small business endpoint with no active services. The elevated neighborhood abuse density (0.2121) warrants awareness but does not indicate this specific IP is malicious. No immediate action required absent observed threat activity.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇿🇦 South Africa
Region	Gauteng
City	Vanderbijlpark
Timezone	Africa/Johannesburg
Latitude	-26.70
Longitude	27.82

🏢 Ownership & Registration

Organization	Jacobus De Beer
ASN	AS327991
Network Name	102.64.36.0 - 102.64.36.255
CIDR Block	102.64.36.0/24
RIR	AFRINIC
Country	ZA
Abuse Contact	—

🌐 DNS Intelligence

PTR	ms-36-189.megasurf.co.za
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`ms-36-189.megasurf.co.za`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	36%	2	4
routing	25%	3	3
services	18%	2	2
ownership	21%	2	2
reputation	31%	1	4
geolocation	32%	2	3
Overall	27%	12	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	High (85%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:24 UTC
Last Seen	2026-06-22 05:54:19 UTC
Profile Built	2026-06-22 06:01:37 UTC
Data Freshness	Live
Signal Types	27
Total Observations	28

🔍 27 signal types · 28 observations collected

This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

102.64.36.189📋 Copy