IP Intelligence Briefing: 172.213.25.26/32
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Provider: Microsoft Azure (Cloud Infrastructure)
- Ownership: Registered to *Divya Quamara* (ARIN)
- Geolocation: Milan, Italy (45.46°N, 9.19°E)
- Network Role: Single-service host (HTTP on port 80 via Nginx/1.27.5)
- Threat Indicators: No known malicious activity, no DNSBL listings, no spam/attacker flags.
---
**2. Observation History**
- Recent Activity (2026-06-17):
  - ICMP validation failed (potential firewall blocking).
  - Low confidence (0.50) in geolocation and threat signals.
- Historical Trends:
  - Stable risk profile (no persistent malicious behavior).
  - First observation from 2026-06-02 (high confidence, 0.90).
---
**3. Relationships & Subnet**
- Network Affiliation:
  - Part of Azure cloud infrastructure (no CDN/VPN/Proxy detected).
  - Subnet: 172.213.25.0/24 (abuse density: 0, but one risky neighbor).
- Neighbors:
  - 172.213.25.203 (risk score: 65, medium risk).
  - Subnet classification: *mostly_clean* but contains one risky sibling.
---
**4. Threat & Security Context**
- No Direct Threats:
  - No indicators of exploitation, spam, or known campaigns.
  - Nginx server banner: *nginx/1.27.5* (no known vulnerabilities in latest version).
- Neighbor Risk:
  - Adjacent IP (172.213.25.203) shows higher risk (65), suggesting potential lateral movement or compromised host.
---
**5. Recommended Actions**
1. Monitor Subnet:
   - Investigate 172.213.25.203 for suspicious activity (e.g., traffic patterns, DNS requests).
2. Restrict Access:
   - Apply firewall rules to limit access to this IP (e.g., `iptables -A INPUT -s 172.213.25.26 -j DROP`).
3. Secure HTTP Service:
   - Ensure Nginx is patched and configured with WAF rules (e.g., Cloudflare or AWS WAF).
4. Verify Geolocation:
   - Confirm ICMP validation failure is not due to misconfigured security groups or firewalls.
---
Conclusion:
This IP appears benign but resides in a subnet with a risky neighbor. Prioritize monitoring the subnet and securing the HTTP service to mitigate potential risks from adjacent hosts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Divya Quamara |
| ASN | AS8075 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | nginx/1.27.5 |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-05-07 23:03:54 UTC |
| Last Seen | 2026-06-27 02:02:55 UTC |
| Profile Built | 2026-06-27 20:09:45 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |