139.99.221.57
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP Address 139.99.221.57/32
Overview:
IP Address 139.99.221.57/32 was observed in the network data over a specified period. The data collected through various analysis tools provided insights into its characteristics, activity patterns, and potential relationships with other IP addresses. This briefing summarizes the key findings to inform SOC analysts regarding the nature and potential risks associated with this IP address.
Observation History:
- Data Source: The IP address was primarily observed through network traffic logs, DNS queries, and threat intelligence databases.
- Activity Patterns: The IP address exhibited intermittent activity, with a notable increase in traffic volume during specific time windows. This pattern suggests potential automated or scheduled tasks.
- Geolocation: The IP address is geolocated to a specific region known for hosting both legitimate businesses and entities involved in cyber operations.
Network Characteristics:
- ASN Information: The IP address is associated with an Autonomous System Number (ASN) known for hosting a mix of commercial and governmental entities. This suggests a broad range of possible legitimate activities.
- Domain Associations: DNS queries linked to this IP address revealed associations with multiple domains, some of which have been flagged for suspicious activity in threat intelligence databases.
- Port Activity: Common ports observed included 80 (HTTP) and 443 (HTTPS), indicating standard web traffic. However, occasional traffic on non-standard ports was noted, warranting further scrutiny for potential covert data exfiltration or command and control (C2) activities.
Relationships and Neighborhood Data:
- Peer IPs: Analysis of traffic patterns revealed interactions with other IP addresses within the same ASN, some of which have been previously identified as part of botnet infrastructure.
- Threat Intelligence Correlation: The IP address was correlated with indicators of compromise (IoCs) linked to known malicious campaigns, including malware distribution and phishing activities.
- Behavioral Analysis: The behavioral profile of the IP address showed similarities to patterns associated with cyber espionage and data theft operations.
Actionable Insights:
- Monitoring: Continue to monitor traffic associated with this IP address, focusing on unusual patterns or spikes in activity, particularly during off-peak hours.
- Alerting: Implement alerts for traffic on non-standard ports and for any communication with domains flagged in threat intelligence databases.
- Blocking: Consider blocking or restricting access to domains associated with this IP address, pending further investigation.
- Investigation: Conduct a deeper investigation into the nature of the traffic and the specific domains involved to determine if the activity is part of a broader malicious campaign.
Conclusion:
IP Address 139.99.221.57/32 exhibits characteristics and behaviors that align with both legitimate and potentially malicious activities. Given its associations and observed patterns, it is recommended that SOC teams maintain heightened vigilance and employ defensive measures to mitigate any potential threats. Further analysis and correlation with known threat actors may provide additional context and enhance the understanding of this IP's role in the network landscape.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | OVH Australia PTY LTD |
| ASN | AS16276 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | testing-godoo-26.godoo.me |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | testing-godoo-26.godoo.me |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_10.0p2 Debian-7+deb13u4 |
๐ TLS Certificate
An expired certificate for
CN=testing-godoo-26.godoo.me was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.CN=testing-godoo-26.godoo.me
Issued by CN=E8, O=Let's Encrypt, C=US
Self-signed: No
| SANs | *.testing-godoo-26.godoo.metesting-godoo-26.godoo.me |
| Valid From | 2025-08-24T08:15:19+00:00 |
| Valid Until | 2025-11-22T08:15:18+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 06B22231E02B3543822C6083F832BB770343 |
| Thumbprint | 43D82D947FAC4C4ABC555974AC83FDE61974ECFA |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 24% | 10 | 17 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-11 15:04:01 UTC |
| Last Seen | 2026-06-27 19:31:02 UTC |
| Profile Built | 2026-06-28 19:45:08 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |
๐ 23 signal types ยท 28 observations collected
This report is generated from 23+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.