139.162.55.218
# IP INTELLIGENCE BRIEFING
Target: 139.162.55.218/32
Classification: Low Risk Cloud Compute Infrastructure
Date: 2026-06-26
## EXECUTIVE SUMMARY
IP 139.162.55.218 is a Linode cloud compute instance (ASN 63949) hosted in Singapore. The IP demonstrates low-risk characteristics with a risk score of 25. While the IP itself shows no direct malicious indicators, it is associated with a DNS blacklist and exists within a subnet exhibiting elevated threat sibling activity.
## INFRASTRUCTURE PROFILE
- Provider: Linode (CloudCompute Infrastructure)
- Country: Singapore (SG)
- BGP Prefix: 139.162.32.0/19
- Infrastructure Type: Cloud Compute / Web Server
- Risk Score: 25 (Low Risk)
- Reputation: Low Risk
## NETWORK SERVICES
- Open Ports: 80/TCP (HTTP), 443/TCP (HTTPS), 22/TCP (SSH)
- Server Banner: Apache/2.2.15 (CentOS)
- DNS PTR: app.iconnect.vn
- Forward Resolution: iconnect.vn (confirmed)
## THREAT ASSESSMENT
Direct Indicators: None detected
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Threat Feeds: None
Control Plane Signals:
- DNSSEC Valid: Yes
- DNSBL Listed: 8 total lists (1 listing flagged as high severity)
- Route Stability: False
- Operator Score: 0.2609 (Basic)
## NEIGHBORHOOD ANALYSIS (139.162.55.0/24)
- Subnet Classification: mostly_clean
- Abuse Density: 1
- Total Sibling IPs: 2
- Active Siblings: 1
- Threat Siblings: 2
- Sibling Risk Profile:
- 139.162.55.244: Risk Score 25, Authority Score 60
The subnet exhibits mixed risk characteristics. The target IP is classified as low-risk within a subnet containing 2 threat siblings, suggesting potential infrastructure sharing with lower-risk entities.
## OBSERVATION HISTORY
Total Signals Observed: 23
Recent Notable Signals (2026-06-26):
- DNS Blacklist: 8 total listings, 1 listed with high severity
- HTTP Response: 403 Forbidden status code
- Geolocation Inference: Multi-signal inference indicated US location (39.83, -98.58) with 0.28 confidenceβcontradicts Singapore profile
- Subnet Classification: mostly_clean with inherited risk 5
Temporal Indicators:
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Ownership Changes: 0
## RELATIONSHIP MAPPING
Primary Relationships (63 total):
- DNS Associations: app.iconnect.vn (multiple entries)
- Network Associations: EU-LINODE-20141229 (multiple entries)
The IP is linked to the Linode EU network and associated with the Vietnamese domain iconnect.vn.
## RECOMMENDED ACTIONS
Current Risk Level: Low
Recommended Status: Monitor
- No immediate blocking recommended
- Monitor for changes in DNSBL status
- Consider blocking SSH (port 22) if unauthorized access is detected
- Verify DNS resolution consistency (app.iconnect.vn)
---
Analyst Notes: This IP represents standard cloud infrastructure hosting web services. The 403 Forbidden response and DNSBL association warrant continued monitoring but do not indicate active exploitation. The geographic discrepancy between Singapore profile and US inference in recent signals may indicate multi-region CDN routing or data inconsistency.
Intelligence Confidence: High (based on comprehensive profile and relationship data)
Action Priority: Medium (monitor subnet threat siblings)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | linode-mnt |
| ASN | AS63949 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | app.iconnect.vn |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | app.iconnect.vn |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | Apache/2.2.15 (CentOS) |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_5.3 |
π TLS Certificate
E=root@srv55.iconnect.vn, CN=srv55.iconnect.vn, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, S=SomeState, C=-- was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.| SANs | None |
| Valid From | 2019-09-06T04:17:37+00:00 |
| Valid Until | 2020-09-05T04:17:37+00:00 (expired) |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 0EC5 |
| Thumbprint | C94D1A00E515B7935155894DC72C97458A62BD78 |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 26% | 10 | 17 |
| Data Coherence | Mixed Signals (68%) β 2 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
β TLS certificate claims -- but primary geo says SG
π Observation Timeline π Live
| First Seen | 2026-05-10 10:13:09 UTC |
| Last Seen | 2026-06-27 17:19:06 UTC |
| Profile Built | 2026-06-28 11:24:27 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.