IPDebrief

109.72.12.37

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 109.72.12.37/32

## Executive Summary

IP 109.72.12.37 presents a MODERATE RISK profile (score: 55/100) with mixed threat indicators. The IP operates as a web server in Pล™íbram, Czech Republic (ASN 49767, Lukas Holzel) and exhibits dynamic network characteristics with elevated DNSBL presence. Neighborhood analysis shows clustered medium-risk activity within the /24 subnet.

## Technical Profile

AttributeValue
**IP Address**109.72.12.37/32
**Risk Score**55/100 (Moderate Risk)
**Geolocation**Czech Republic, Central Bohemia, Pล™íbram (49.82°N, 15.47°E)
**ASN/Org**49767 / Lukas Holzel
**Service Purpose**Web Server (lighttpd/1.4.39)
**Open Ports**80/TCP (HTTP), 443/TCP (HTTPS), 22/TCP (SSH)
**PTR Hostname**ip-109-72-12-37.pb.cz
**Forward Resolution**Verified (1 host)

## Threat Indicators

## Network Neighborhood Analysis

Subnet 109.72.12.37/24 shows clean classification with 0% abuse density, though clustered activity detected:

## Observation History (21 signals tracked)

Temporal analysis reveals intermittent activity patterns:

## Relationship Graph

43 relationships identified, predominantly same-network associations (IPB_DYNAMIC_NAT). No direct organizational or certificate-based links to known malicious entities.

## Recommended Actions

Risk Level: High (score 55/100)

Primary Recommendation: Increase logging verbosity and review recent activity

Firewall Rules

## Intelligence Assessment

The IP exhibits characteristics of a legitimate but potentially compromised or misconfigured web hosting resource. The presence of SSH access (port 22), multiple DNSBL listings, and route instability suggest either security hardening issues or prior abuse. The neighborhood clustering with identical risk scores indicates a pattern of behavior within the subnet. While not classified as persistently malicious, the moderate-to-elevated risk profile warrants monitoring and consideration of blocking if the IP appears in threat traffic logs.

Classification: Moderate Risk โ€“ Monitor/Block Based on Context

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡จ๐Ÿ‡ฟ Czechia
RegionCentral Bohemia
CityPล™íbram
TimezoneEurope/Prague
Latitude49.82
Longitude15.47

๐Ÿข Ownership & Registration

OrganizationLukas Holzel
ASNAS49767
Network Nameโ€”
CIDR Blockโ€”
RIRARIN
Countryโ€”
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTRip-109-72-12-37.pb.cz
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesip-109-72-12-37.pb.cz

๐Ÿ” DNS Hygiene

Hygiene Score60% (Good)
SPFPresent
DMARCPresent
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierUnknown โ€” Insufficient routing data to classify
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpโ€”
443httpstcpโ€”
22sshtcp
Closed Ports25, 3389, 8080, 8443 (3 open / 7 scanned)
Serverlighttpd/1.4.39
HTTP Titleโ€”
SSH VersionSSH-2.0-dropbear <?"??d~NsY??x??curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
32%
23
routing
13%
11
services
26%
23
ownership
27%
23
reputation
17%
12
geolocation
21%
22
Overall23%1014
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-07 23:03:29 UTC
Last Seen2026-06-25 20:08:44 UTC
Profile Built2026-06-22 08:47:26 UTC
Data FreshnessLive
Signal Types22
Total Observations23
๐Ÿ” 22 signal types ยท 23 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.