135.136.20.11

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 135.136.20.11/32

*Generated via IPDebrief Analysis*

---

1. Core Profile

Risk Assessment:

- Overall Risk Score: 25 (Low Risk)

- Threat Indicators: No malicious activity detected (no malware, C2, or phishing indicators).

- Network Role: Firewalled / No Services; not part of CDN, VPN, or cloud infrastructure.

Ownership:

- ASN: 9009 (GLOBALAXS NOC)

- Geolocation: Manchester, England, United Kingdom (53.45°N, -2.32°E).

- Registry: ARIN (Regional Internet Registry).

Services:

- No open ports or TLS/HTTP services detected.

- TLS certificate from ExpressVPN (valid, self-signed, no critical extensions).

---

2. Observation History

Latest Activity (2026-06-09):

- TLS scan detected a certificate for ExpressVPN’s server (subject: `Server-12507-0a`, issuer: ExpressVPN).

- No HTTP/FTP services or SMTP banners observed.

- DNSSEC Valid: Yes; no DNSBL listings.

Trend: No significant changes in risk or network behavior over time.

---

3. Relationships & Network Context

Linked Entities:

- Subnet: `135.136.20.0/24` (owned by GLOBALAXS NOC).

- No direct ties to known malicious organizations, domains, or campaigns.

Neighbors:

- Subnet Abuse Density: 0% (low risk).

- High-Risk Neighbors: None.

- Notable IPs:

- `135.136.20.2`, `135.136.20.4`, and `135.136.20.5` have similar low-risk profiles.

---

4. Threat & Risk Analysis

Threat Indicators:

- No spam, Tor exit nodes, or known attacker IPs.

- Operator Score: 0.13 (Minimal risk).

Abuse Flags:

- No DNSBL listings, honeypot hits, or WAF violations.

- BGP Stability: Route stable (no recent changes).

---

5. Actionable Insights

SOC Recommendations:

- Monitor: TLS certificate validity and ExpressVPN’s network activity for anomalies.

- No Blocking Required: Low-risk IP with no malicious indicators.

- Investigate: Verify ExpressVPN’s server origin (British Virgin Islands) for potential geolocation discrepancies.

Firewall Rules: No recommended restrictions; allow traffic unless explicitly flagged.

---

Conclusion:

135.136.20.11 is associated with a legitimate service (ExpressVPN) and exhibits no malicious behavior. The subnet has no abuse history, and neighbors are low-risk. No immediate defensive action is required, but continued monitoring of TLS activity is advised.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	Manchester
Timezone	Europe/London
Latitude	53.45
Longitude	-2.32

🏢 Ownership & Registration

Organization	GLOBALAXS NOC
ASN	AS9009
Network Name	M247-LTD-Manchester
CIDR Block	135.136.20.0/24
RIR	ARIN
Country	GB
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
8080	http-alt	tcp	—
Closed Ports	22, 25, 3389, 8443 (3 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

E=support@expressvpn.com, CN=Server-12507-0a, OU=ExpressVPN, O=ExpressVPN, S=BVI, C=VG

Issued by E=support@expressvpn.com, CN=ExpressVPN CA3, OU=ExpressVPN, O=ExpressVPN, S=BVI, C=VG

Self-signed: No

SANs	None
Valid From	2026-05-13T07:10:43+00:00
Valid Until	2076-05-13T07:10:43+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	18263 days
Serial Number	0FC467
Thumbprint	A22CB2D2C8EF28060453C4C31CAC22E40FCE246E

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	19%	1	2
routing	19%	1	2
services	13%	1	1
ownership	30%	2	3
reputation	0%	0	0
geolocation	13%	1	1
Overall	16%	6	9

Coverage: 5/6 dimensions · Data sufficiency: partial

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: GB, VG
⚠ TLS certificate claims VG but primary geo says GB

📅 Observation Timeline 🔄 Live

First Seen	2026-05-20 22:12:00 UTC
Last Seen	2026-06-09 06:02:17 UTC
Profile Built	2026-06-09 06:12:22 UTC
Data Freshness	Live
Signal Types	18
Total Observations	18

🔍 18 signal types · 18 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

135.136.20.11📋 Copy

**1. Core Profile**

**2. Observation History**

**3. Relationships & Network Context**

**4. Threat & Risk Analysis**

**5. Actionable Insights**