122.187.230.176

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 122.187.230.176

Date: 2026-06-17

---

1. Core Profile

Risk Score: 80 (High Risk)
Ownership:

- ASN: 9498

- Organization: Bharti Airtel Ltd. (IRT-BHARTI-IN)

- Region: Maharashtra, India

Network Role: Mobile (LTE/5G)
Services:

- Open ports: SSH (22), HTTPS (443)

- TLS certificate: Self-signed, subject/issuer: `CN=localhost`

- Server banner: `lighttpd/1.4.45`

---

2. Threat & Abuse Context

Threat Indicators: No direct malicious activity detected (no spam, known attackers, or blacklists).
Neighborhood Risk:

- Subnet: `122.187.230.176/24`

- Abuse density: 59.4% (19/32 neighbors high risk)

- 8 high-risk neighbors (e.g., `122.187.230.12`, `122.187.230.34`, `122.187.230.177`)

DNS:

- PTR hostname: `nsg-corporate-176.230.187.122.airtel.in`

- SPF/DKIM: Validated (no email compromise indicators)

---

3. Historical Observations

Recent Signals (30 days):

- Stability: Route stable (no recent BGP changes)

- DNSSEC: Valid

- TLS: No critical vulnerabilities detected

Risk Trends: No significant changes in threat signals.

---

4. Relationships & Network Context

Network Affiliation:

- Same ASN (9498) as 19 high-risk neighbors

- Part of Airtel's mobile network (MCC 404, MNC 10)

Subnet Classification: High abuse density (59.4%), inherited risk score: 21

---

5. Recommendations

Monitoring:

- Track traffic from this subnet due to high abuse density.

- Monitor SSH/HTTPS services for anomalous behavior (e.g., unexpected data transfers).

Mitigation:

- Consider blocking high-risk neighbors in the subnet (e.g., `122.187.230.12`, `122.187.230.34`) if they are not part of legitimate operations.

- Validate DNS records and TLS configurations for potential misconfigurations.

Note: No direct malicious indicators, but the subnet's high abuse density warrants further investigation into potential lateral movement or network compromise.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇳 India
Region	Maharashtra
City	Navsāri
Timezone	—
Latitude	20.96
Longitude	77.74

🏢 Ownership & Registration

Organization	IRT-BHARTI-IN
ASN	AS9498
Network Name	BNLD-209392-NewDelhi
CIDR Block	122.187.0.0/16
RIR	APNIC
Country	IN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	nsg-corporate-176.230.187.122.airtel.in
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`nsg-corporate-176.230.187.122.airtel.in`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
22	ssh	tcp	SSH-2.0-dropbear dSS?^??EY?~?_#^??curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.
Closed Ports	25, 80, 3389, 8080, 8443 (2 open / 7 scanned)

Server	lighttpd/1.4.45
HTTP Title	—
SSH Version	SSH-2.0-dropbear dSS?^??EY?~?_#^??curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp38

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=localhost

Issued by CN=localhost

Self-signed: Yes

SANs	None
Valid From	2021-01-06T19:17:16+00:00
Valid Until	2031-01-04T19:17:16+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	3650 days
Serial Number	00C9901E556B0DAA3D
Thumbprint	6A272621EEBD7949BC74883E4505EEDA7D23747C

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	27%	2	3
services	26%	2	4
ownership	27%	3	4
reputation	23%	1	3
geolocation	21%	2	2
Overall	25%	12	20

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:36 UTC
Last Seen	2026-06-22 12:25:00 UTC
Profile Built	2026-06-22 12:43:20 UTC
Data Freshness	Live
Signal Types	28
Total Observations	31

🔍 28 signal types · 31 observations collected

This report is generated from 28+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

122.187.230.176📋 Copy

**1. Core Profile**

**2. Threat & Abuse Context**

**3. Historical Observations**

**4. Relationships & Network Context**

**5. Recommendations**