IP Intelligence Briefing: 149.34.211.140
*Generated via IPDebrief tools: profile, history, relationships, and neighborhood analysis*
---
**Key Risk Indicators**
- Risk Score: 55 (Moderate Risk)
- Subnet Abuse Density: 0.5 (Moderate)
- Neighbors: 6 total (3 high-risk, 3 medium-risk)
- Geolocation Discrepancy: Registered to Turkey (AS208972) but observed in the US (MaxMind).
---
**Ownership & Network Context**
- Organization: GIBIRNET ILETISIM HIZMETLERI SANAYI VE TICARET LIMITED SIRKETI (AS208972)
- Subnet: 149.34.211.140/24 (part of 149.34.192.0/19)
- Network Role: Multi-service host (HTTP, SSH) with no CDN/VPN/Hosting flags.
---
**Threat & Activity Observations**
- No Direct Threat Indicators: No malware, spam, or known attacker associations.
- DNS Configuration: Misconfigured PTR records (e.g., `undefined.hostname.localhost`).
- Service Footprint:
  - SSH: Dropbear server (banner: `SSH-2.0-dropbear`).
  - HTTP: Lighttpd 1.4.39 (outdated, but not inherently malicious).
- Historical Signals:
  - Geolocation varied (Turkey/US).
  - SSH banner and HTTP server fingerprint consistent over time.
---
**Neighbor Risk Analysis**
- High-Risk Neighbors (80): 149.34.211.137, 149.34.211.139, 149.34.211.142.
- Medium-Risk Neighbors (55): 149.34.211.130, 149.34.211.132, 149.34.211.135.
- Subnet Classification: "Mixed" (combination of benign and high-risk IPs).
---
**Actionable Insights**
1. Monitor Neighbors: High-risk neighbors may indicate a compromised subnet.
2. Investigate Geolocation Discrepancy: Verify if the IP is being used in Turkey despite registration in the US.
3. Check SSH/HTTP Services: Update Lighttpd and Dropbear to mitigate potential vulnerabilities.
4. DNS Misconfiguration: Address PTR record issues to prevent misattribution of traffic.
---
*Note: No immediate mitigation required, but ongoing monitoring is advised due to mixed-risk subnet and geolocation anomalies.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | GIBIRNET ILETISIM HIZMETLERI SANAYI VE TICARET LIMITED SIRKETI |
| ASN | AS208972 |
| Network Name | GIBIRNET-CGNT-NET-1 |
| CIDR Block | 149.34.192.0/19 |
| RIR | ARIN |
| Country | Turkey |
| Abuse Contact | - |
**DNS Intelligence**
| PTR | undefined.hostname.localhost |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | undefined.hostname.localhost |
**DNS Hygiene**
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | lighttpd/1.4.39 |
| HTTP Title | β |
| SSH Version | SSH-2.0-dropbear <#j????h?????60?curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-grou |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 19% | 1 | 2 |
| services | 27% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 13% | 1 | 2 |
| geolocation | 31% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Recent)
| First Seen | 2026-05-12 15:46:43 UTC |
| Last Seen | 2026-06-11 21:17:21 UTC |
| Profile Built | 2026-06-11 19:54:22 UTC |
| Data Freshness | Recent |
| Signal Types | 19 |
| Total Observations | 19 |