IP Intelligence Briefing: 150.107.36.236
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership:
- ASN: 135377
- Organization: IRT-UCLOUD-HK (UCLOUD Information Technology HK Limited)
- Network: UCLOUD-US (APNIC registry)
- Geolocation:
- Country: US (flagged *geoPlausible: false*)
- RTT Anomaly: 87 ms measured latency against a 9175 km probe-to-location distance. The platform's stated minimum possible RTT of 183.5 ms implies a round-trip budget of 100 km per ms (about c/3); at fibre speed (roughly 200 km/ms) the floor is about 92 ms, so 87 ms is only marginally below it. Treat the flag as weak evidence, not proof of a mis-located host.
- Coordinates: 39.83°N, 98.58°W, the geographic centre of the contiguous US. This is the coordinate geolocation databases typically return when only the country is known, so the 9175 km distance (and therefore the RTT check) is measured against a country-level placeholder rather than a real location.
- Network Role:
- One open port: 22/tcp (SSH, banner SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3); no TLS or HTTP detected. The profile's "Firewalled / No Services" label is inconsistent with the port scan recorded further down and should not be relied on.
- BGP: Prefix 150.107.36.0/24, route stability: *unstable*
- DNSSEC: Valid
- DNSBL: Listed in 2/8 DNSBLs (low-severity)
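The RTT-versus-distance reasoning in the Core Profile can be reproduced with the following added example (not IPDebrief's code). It uses the briefing's own figures (87 ms RTT, 9175 km distance) and the profile's coordinates; the propagation constants, the inference that the platform's 183.5 ms floor corresponds to a 100 km/ms budget, and the Frankfurt probe location used to illustrate the distance calculation are assumptions.

```python
"""Speed-of-light plausibility check for an IP geolocation claim.

Added example, not IPDebrief code. Inputs are the briefing's figures: 87 ms
measured RTT and 9175 km probe-to-location distance. The propagation constants
and the probe location used for the haversine demo are assumptions.
"""
import math

EARTH_RADIUS_KM = 6371.0
KM_PER_MS_VACUUM = 299.792458                 # c
KM_PER_MS_FIBER = KM_PER_MS_VACUUM * 2 / 3    # ~0.67c, typical for silica fibre
# Assumption: the briefing's "minimum possible RTT" of 183.5 ms for 9175 km
# implies a budget of 100 km per ms of round trip, i.e. roughly c/3.
KM_PER_MS_PLATFORM = 100.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def min_rtt_ms(distance_km, km_per_ms=KM_PER_MS_FIBER):
    """Lowest RTT physically achievable for a straight-line path of distance_km."""
    return 2 * distance_km / km_per_ms


def max_distance_km(rtt_ms, km_per_ms=KM_PER_MS_FIBER):
    """Farthest the peer can be if the measured RTT is genuine."""
    return rtt_ms * km_per_ms / 2


def verdict(rtt_ms, distance_km):
    """Classify a claimed location against a measured RTT.

    'impossible'  : RTT is below even the vacuum-speed floor
    'implausible' : above the vacuum floor but below the fibre floor
    'plausible'   : consistent with fibre propagation (real routes add detours)
    """
    if rtt_ms < min_rtt_ms(distance_km, KM_PER_MS_VACUUM):
        return "impossible"
    if rtt_ms < min_rtt_ms(distance_km, KM_PER_MS_FIBER):
        return "implausible"
    return "plausible"


def report(rtt_ms, distance_km):
    """The floors under each propagation model plus the verdict, as a dict."""
    return {
        "floor_vacuum_ms": round(min_rtt_ms(distance_km, KM_PER_MS_VACUUM), 1),
        "floor_fiber_ms": round(min_rtt_ms(distance_km, KM_PER_MS_FIBER), 1),
        "floor_platform_ms": round(min_rtt_ms(distance_km, KM_PER_MS_PLATFORM), 1),
        "max_distance_fiber_km": round(max_distance_km(rtt_ms), 0),
        "verdict": verdict(rtt_ms, distance_km),
    }


if __name__ == "__main__":
    # The briefing's figures: 87 ms RTT against a 9175 km distance.
    print(report(87.0, 9175.0))
    # The claimed point (39.83N, 98.58W) is the US country centroid. Distance
    # from a hypothetical probe in Frankfurt (assumption) is about 7760 km;
    # substitute your own probe's coordinates to reproduce the platform's figure.
    print(round(haversine_km(50.11, 8.68, 39.83, -98.58)))
```

The three-tier verdict is the useful part: a measurement below the vacuum floor means the RTT or the coordinates are wrong, a measurement between the two floors (this host's case) is suspicious but within the error of a centroid-based distance, and only a result above the fibre floor should be treated as consistent.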
---
**2. Threat & Behavior**
- Threat Indicators:
- No malware campaigns, spam, or known attacker associations.
- DNS: No PTR record; no email authentication records (SPF/DKIM/DMARC). These are domain-level records, and with no hostname attached to the IP there is nothing to evaluate, so this reflects absent data rather than a detected misconfiguration.
- Behavioral Flags:
- Honeypot Hits: 0
- Enumeration Attempts: 0
- WAF Violations: 0
- Historical Trends:
- Last 30 days: 17 observations (minimal risk, stable ownership).
- RTT Violation: Persistent discrepancy between geographic distance and latency.
---
**3. Relationships & Network Context**
- Linked Entities:
- Same network: UCLOUD-US (150.107.36.0/24)
- No hostname, certificate, or organizational relationships.
- Subnet Analysis:
- 150.107.36.0/24: Abuse density 0% (clean); this is the only IP in the block with recorded observations.
- No active or malicious neighbors.
---
**4. Actionable Recommendations**
- Firewall Rules:
- If a block is warranted (the assessment below favours monitoring first), drop traffic from the address. The `counter` keyword on the nft rule records hits, so the same rule doubles as a monitor:
```bash
iptables -I INPUT 1 -s 150.107.36.236 -j DROP   # -I, not -A: an earlier ACCEPT would shadow an appended rule
nft add table inet filter                         # the nft rule needs an existing table and chain; add is a no-op if present
nft 'add chain inet filter input { type filter hook input priority 0; policy accept; }'
nft add rule inet filter input ip saddr 150.107.36.236 counter drop
```
- Cloud WAF rules (Cloudflare/AWS) provided in full profile.
- SOC Guidance:
- Investigate geolocation anomalies (RTT vs. distance).
- Monitor for unexpected traffic patterns or DNS changes.
- No immediate action required due to low threat indicators, but maintain visibility.
---
Final Assessment:
The IP belongs to a cloud provider (UCLOUD) and exposes only SSH (22/tcp), with no observed malicious activity. The geolocation inconsistency (a country-centroid coordinate and a borderline RTT floor) and the two low-severity DNSBL listings warrant follow-up. The moderate risk profile supports monitoring over blocking.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | UCLOUD INFORMATION TECHNOLOGY HK LIMITED |
| ASN | AS135377 |
| Network Name | UCLOUD-US |
| CIDR Block | 150.107.36.0/24 |
| RIR | APNIC |
| Country | US |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR Record | No PTR |
| Forward Confirmed | No (there is no PTR hostname to resolve forward, so FCrDNS cannot be evaluated; weak signal) |
**DNS Hygiene**
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verifiable (no PTR) |
| DNSSEC | Valid |
| CAA | Not configured |
SPF, DMARC and CAA are published on a domain, not on an address; with no PTR hostname there is no domain to inspect, so these rows record missing data rather than a confirmed misconfiguration, and the score should be read with that in mind.
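The two DNS checks behind these rows, forward-confirmed reverse DNS (which must distinguish "no PTR" from "PTR that does not resolve back") and the DNSBL query that produced the 2/8 figure in the Core Profile, are implemented in the following added example (not IPDebrief's code). The resolver is a constructed in-memory stub with placeholder zone names and RFC 5737 documentation addresses so the block runs offline; the only real data point it encodes is that 150.107.36.236 has no PTR. Replace `stub_resolve` with a real lookup (for example dnspython) to use it live.

```python
"""Forward-confirmed reverse DNS and DNSBL checks with a pluggable resolver.

Added example, not IPDebrief code. The resolver is a constructed in-memory
stub so the block runs offline; the DNSBL zone names are placeholders and the
192.0.2.0/24 hosts are RFC 5737 documentation addresses used as test cases.
"""
import ipaddress

# --- constructed stub data ---------------------------------------------------
# 150.107.36.236: no PTR, matching the briefing.
# 192.0.2.10 / 192.0.2.20: constructed cases showing a confirmed PTR and a
# PTR whose forward record points somewhere else.
STUB = {
    ("236.36.107.150.in-addr.arpa", "PTR"): [],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.net"],
    ("mail.example.net", "A"): ["192.0.2.10"],
    ("20.2.0.192.in-addr.arpa", "PTR"): ["host.example.net"],
    ("host.example.net", "A"): ["192.0.2.99"],
    # DNSBL answers: 127.0.0.x = listed (x is the zone's listing code);
    # 127.255.255.x = zone error (Spamhaus uses these for refused queries);
    # absent = NXDOMAIN, i.e. not listed.
    ("236.36.107.150.dnsbl-a.example", "A"): ["127.0.0.2"],
    ("236.36.107.150.dnsbl-b.example", "A"): ["127.0.0.11"],
    ("236.36.107.150.dnsbl-c.example", "A"): ["127.255.255.254"],
}

ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example", "dnsbl-d.example"]


def stub_resolve(name, rtype):
    """Return the stub's answers for (name, rtype); [] stands for NXDOMAIN/NODATA."""
    return list(STUB.get((name, rtype), []))


def fcrdns(ip, resolve=stub_resolve):
    """Forward-confirmed reverse DNS.

    Returns (status, hostnames):
      'no_ptr'    : nothing to confirm (this briefing's case)
      'confirmed' : at least one PTR name resolves back to ip
      'mismatch'  : PTR names exist but none resolves back to ip
    """
    addr = ipaddress.ip_address(ip)
    ptrs = resolve(addr.reverse_pointer, "PTR")
    if not ptrs:
        return "no_ptr", []
    rtype = "A" if addr.version == 4 else "AAAA"
    confirmed = [h for h in ptrs if str(addr) in resolve(h.rstrip("."), rtype)]
    return ("confirmed" if confirmed else "mismatch"), (confirmed or ptrs)


def dnsbl_name(ip, zone):
    """RBL query name: octets reversed, then the zone (IPv4 only here)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_check(ip, zones=ZONES, resolve=stub_resolve):
    """Query each zone; return {zone: 'listed:<code>' | 'clean' | 'error'}."""
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    zone_errors = ipaddress.IPv4Network("127.255.255.0/24")
    out = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone), "A")
        if not answers:
            out[zone] = "clean"
            continue
        code = ipaddress.IPv4Address(answers[0])
        if code in zone_errors or code not in loopback:
            # A refused or malformed reply is not a listing; never count it as one.
            out[zone] = "error"
        else:
            out[zone] = "listed:" + str(code)
    return out


def dnsbl_summary(results):
    """(listed, usable) counts; zones that returned an error are excluded."""
    listed = sum(v.startswith("listed") for v in results.values())
    usable = sum(v != "error" for v in results.values())
    return listed, usable


if __name__ == "__main__":
    print(fcrdns("150.107.36.236"))
    res = dnsbl_check("150.107.36.236")
    print(res, dnsbl_summary(res))
```

Two details matter when reading a "listed in N/M" figure: the listing code in the answer is zone-specific and has to be interpreted against that zone's documentation, and a 127.255.255.x answer (or anything outside 127.0.0.0/8) is a query error that must be excluded from the denominator rather than counted as a hit.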
**Network Classification**
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown (insufficient routing data to classify) |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 |

| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | none (no HTTP service) |
| HTTP Title | none (no HTTP service) |
The banner identifies Ubuntu's packaged build of OpenSSH 7.6p1. Distribution packages carry backported fixes, so map this string to the Ubuntu package changelog rather than to upstream 7.6 release notes before drawing conclusions about patch level.
**TLS Certificate**
| SANs | None |
| Valid From | none (no TLS service observed) |
| Valid Until | none (no TLS service observed) |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 32% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 33% | 2 | 4 |
| Overall | 22% | 9 | 13 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction |
| Attribution | Low (35%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (pass/fail indicators not preserved in this export) |
**Observation Timeline (Live)**
| First Seen | 2026-05-15 02:49:49 UTC |
| Last Seen | 2026-06-07 10:46:22 UTC |
| Profile Built | 2026-06-07 11:15:58 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |
Full dossier details are available via our API.