Intelligence Briefing for IP 172.94.9.153/32
Summary:
The IP address 172.94.9.153/32 was observed in various contexts, indicating its involvement in multiple network activities. The data analysis revealed its associations with both benign and potentially malicious activities. The address is hosted by a known entity and has exhibited patterns that could be of interest to a Security Operations Center (SOC) team.
Observation History:
- The IP was consistently active, showing regular traffic patterns that suggest it is a stable endpoint.
- Historical data indicated spikes in traffic volume at irregular intervals, which could correlate with specific events or activities.
- The address was involved in data transfers that included both legitimate business operations and potential indicators of compromise (IoCs).
Relationships:
- The IP has been associated with domains that have mixed reputations, some of which are flagged for suspicious activities.
- It has been linked to email services known for hosting phishing campaigns, though no direct evidence of phishing originating from this IP was found.
- Connections to third-party services indicate that the IP is used for legitimate business communications, including cloud services and content delivery networks.
Neighborhood Data:
- The IP resides within a range allocated to a telecommunications provider known for hosting both consumer and enterprise services.
- Nearby IP addresses have shown varied activity levels, with some exhibiting patterns similar to known malicious IPs, suggesting potential proximity to compromised or risky entities.
- The network environment around this IP includes a mix of corporate and personal user activities, indicating a diverse ecosystem.
Actionable Threat Intelligence:
- Monitor traffic patterns for anomalies, especially during periods of increased activity, to identify potential security incidents.
- Investigate any communications with flagged domains or services to assess the risk of data exfiltration or unauthorized access.
- Implement enhanced scrutiny on email traffic associated with this IP to preempt potential phishing attempts.
- Consider network segmentation or additional firewall rules if the IP continues to exhibit suspicious behavior or is linked to new malicious domains.
This briefing provides a comprehensive overview of the IP address 172.94.9.153/32, highlighting key observations and actionable insights for SOC analysts. Further monitoring and analysis are recommended to maintain network security and integrity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Secure Internet LLC (UK) |
| ASN | AS213790 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: no PTR hostname resolves back to this IP (weak signal) |
DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 3389 | rdp | tcp | Not available |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 8080, 8443 (1 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 4 |
| geolocation | 35% | 2 | 3 |
| Overall | 26% | 10 | 19 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-10 22:17:19 UTC |
| Last Seen | 2026-06-26 04:30:00 UTC |
| Profile Built | 2026-06-26 04:34:59 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |