172.59.213.216

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: IP 172.59.213.216

Classification: LOW RISK

Risk Score: 25/100

Report Date: 2026-06-25

---

## EXECUTIVE SUMMARY

IP 172.59.213.216 is a low-risk mobile carrier address belonging to T-Mobile USA, Inc. (ASN 21928). The IP demonstrates consistent mobile network classification with no active threat indicators, open services, or malicious reputation signals observed across 19 historical observations.

---

## NETWORK ATTRIBUTES

Attribute	Value
Organization	T-Mobile USA, Inc.
ASN	21928
Location	Newark, NJ, US
Network Role	Mobile Carrier
CIDR Block	172.59.213.216/24
Abuse Density	0 (Mostly Clean)

---

## THREAT ASSESSMENT

Risk Profile: LOW

Risk Score: 25/100
Abuse Confidence: Not applicable (mobile carrier)
Blacklist Status: Clean (0 entries)
DNSBL Status: Listed on 1 of 8 feeds (likely false positive or monitoring list)

Threat Indicators

Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Associations: None detected
Certificate Matches: 0

Network Services

Open Ports: None detected (Firewalled/No Services)
HTTP Services: None
TLS Certificates: None
Reverse DNS: Not configured

---

## OBSERVATION HISTORY (19 Records)

Recent Activity (Last 60 Days):

2026-06-25: Confirmed mobile carrier infrastructure (LTE/5G)
2026-06-04: Consistent mobile classification
Risk Trend: Stable low-risk classification throughout observation period

Signal Consistency:

Mobile classification: 100% consistent
Infrastructure type: Mobile carrier (172.59.213.216)
No infrastructure changes detected

---

## NEIGHBORHOOD ANALYSIS

Subnet: 172.59.213.216/24

Total Siblings: 1 active
Abuse Density: 0 (Low threat environment)
Classification: Mostly Clean
Neighbor IP: 172.59.213.37 (Risk Score: 25)

Both IPs in the /24 subnet demonstrate consistent low-risk mobile carrier behavior with no abuse patterns.

---

## RELATIONSHIP NETWORK

Identified Relationships (13):

All relationships map to T-Mobile network (TMO9)
Consistent BGP prefix: 172.59.208.0/21
No anomalous external associations detected

---

## RECOMMENDATIONS

SOC Analyst Guidance:

1. Monitor: Track for any sudden infrastructure changes or service openings

2. Baseline: Consider as legitimate mobile carrier traffic

3. Threshold: Current risk score (25) does not warrant blocking

4. Firewall Rules: No specific rules recommended at this time

Action Items:

No immediate action required
IP represents standard mobile carrier infrastructure
No threat indicators warranting investigation or blocking

---

## CONCLUSION

IP 172.59.213.216 exhibits characteristics of legitimate T-Mobile mobile carrier infrastructure. The IP shows stable low-risk classification, consistent mobile network behavior, and no threat indicators. SOC teams should treat as benign mobile traffic and monitor for any deviation from established baseline behavior.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	NJ
City	Newark
Timezone	—
Latitude	40.76
Longitude	-74.18

🏢 Ownership & Registration

Organization	T-Mobile USA, Inc.
ASN	AS21928
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	20%	2	3
routing	8%	1	1
services	8%	1	1
ownership	24%	2	3
reputation	19%	1	3
geolocation	19%	2	2
Overall	16%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 11:10:01 UTC
Last Seen	2026-06-25 05:13:33 UTC
Profile Built	2026-06-25 05:49:35 UTC
Data Freshness	Live
Signal Types	18
Total Observations	18

🔍 18 signal types · 18 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

172.59.213.216📋 Copy