109.236.86.20
## IP INTELLIGENCE BRIEFING: 109.236.86.20
Classification: Moderate Risk | Jurisdiction: Netherlands (NL) | Data Collection Date: 2026-06-26
---
EXECUTIVE SUMMARY
IP address 109.236.86.20 is a web hosting infrastructure endpoint operated by WORLDSTREAM (ASN 49981), geolocated to Naaldwijk, South Holland, Netherlands. The IP presents a moderate risk profile with a risk score of 50. Evidence indicates legitimate web hosting operations with associated DNS records for the domain wayshare.cc. The subnet exhibits low abuse density with minimal threat activity in neighboring addresses.
---
INFRASTRUCTURE PROFILE
Network Ownership:
- ASN: 49981 (MNT-WORLDSTREAM)
- BGP Prefix: 109.236.80.0/20
- RIR: RIPE NCC
- Route Stability: Stable (no route changes in 30 days)
Geolocation:
- Country: Netherlands (NL)
- Region: South Holland
- City: Naaldwijk
- Coordinates: 52.13°N, 5.29°E
- Timezone: Europe/Amsterdam
Service Fingerprint:
- Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS), TCP/22 (SSH), TCP/8080 (HTTP-alt)
- Web Server: Apache/2.4.57 (AlmaLinux)
- TLS Certificate: GlobalSign GCC R6 AlphaSSL CA 2025 for *.wayshare.cc
- DNS Records: SPF configured (include: _spf.protonmail.ch), DMARC set to p=none
---
THREAT INDICATORS
Risk Assessment:
- Overall Risk Score: 50/100 (Moderate)
- Blacklist Count: 0
- Known Campaign Associations: None detected
- Tor Exit Node: No
- Known Attacker Status: No
Control Plane Analysis:
- DNSBL Listing: Listed on 2 of 8 total DNSBLs
- Operator Score: 0.2609 (Basic classification)
- RPKI/IRR: Status not reported
Threat Observations:
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Persistently Malicious: No
---
OBSERVATION HISTORY
Temporal Analysis:
Total signal observations: 29 over monitored period.
Key Historical Signals:
1. 2026-06-26 07:48:37 UTC - DNS resolution for wayshare.cc (confidence: 0.85), SPF record with ProtonMail and IP-based authorization, DMARC policy p=none
2. 2026-06-26 02:17:13 UTC - HTTP response analysis showing 403 Forbidden status, Apache/2.4.57 server banner, HTTP/1.1 protocol, no HSTS or CSP headers
3. 2026-06-10 02:36:37 UTC - DNS resolution for wayshare.cc with identical SPF/DMARC configuration
Temporal Trend: Stable infrastructure with consistent DNS and email authentication records. No escalation in threat indicators observed.
---
RELATIONSHIP ANALYSIS
Entity Associations:
- DNS Associations: 109-236-86-20.hosted-by-worldstream.net
- Network Relationships: Multiple associations to WORLDSTREAM network infrastructure
- Total Relationship Count: 75
Network Context: The IP shares network relationships with other WORLDSTREAM infrastructure components, primarily DNS and network-level associations.
---
NEIGHBORHOOD ANALYSIS
Subnet: 109.236.86.20/24
- Abuse Density: 0 (Low)
- Classification: Mostly Clean
- Neighbor Count: 0 (isolated subnet)
- Threat Siblings: 0
- Active Siblings: 0
The /24 subnet demonstrates minimal abuse activity with no detected high-risk neighboring addresses.
---
RECOMMENDED ACTIONS
Defense Posture:
- Monitor for DNSBL listing changes (currently 2/8 lists)
- Review HTTP 403 responses in access logs for potential abuse attempts
- Standard web server security monitoring appropriate
- No immediate blocking recommended based on current risk profile
Priority Level: Standard monitoring recommended. The IP represents legitimate hosting infrastructure with moderate risk characteristics typical of web hosting environments.
---
Intel Source: IPDebrief | Confidence: High | Last Updated: 2026-06-26
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | MNT-WORLDSTREAM |
| ASN | AS49981 |
| Network Name | โ |
| CIDR Block | 109.236.80.0/20 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 109-236-86-20.hosted-by-worldstream.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 109-236-86-20.hosted-by-worldstream.net |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 25, 3389, 8443 (4 open / 7 scanned) | ||
| Server | Apache/2.4.57 (AlmaLinux) OpenSSL/3.0.7 |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.7 |
๐ TLS Certificate
| SANs | *.wayshare.ccwayshare.cc |
| Valid From | 2025-11-12T11:02:41+00:00 |
| Valid Until | 2026-12-14T11:02:40+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 396 days |
| Serial Number | 651F8FF2AC953BB256D17F2E |
| Thumbprint | D8F6A8DE8785E18C637C23568222CD5CD991CA90 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 27% | 2 | 3 |
| services | 30% | 2 | 4 |
| ownership | 24% | 3 | 4 |
| reputation | 19% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 26% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-11 08:57:16 UTC |
| Last Seen | 2026-06-26 18:10:21 UTC |
| Profile Built | 2026-06-26 07:54:27 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 28 |
Full dossier details are available via our API.