IP Intelligence Briefing: 176.103.22.73
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 55/100 (Moderate Risk)
- Ownership: Owned by DIALOGKOM-MNT (RIPE, Ukraine).
- Geolocation: Kharkiv, Kharkivs'ka Oblast' (UA).
- Network Role: Web server (HTTP/HTTPS, lighttpd/1.4.39).
- Threat Indicators: No active malicious signals, known campaigns, or blacklists.
---
**2. Observation History**
- Recent Activity:
  - HTTPS connection failed (likely transient issue).
  - Subnet abuse density: 0.6 (mostly clean, but 3/5 neighbors flagged).
  - No persistent threat indicators.
---
**3. Relationships**
- Linked Entities:
  - Same network: DIALOG-NET (176.103.16.0/20).
  - No direct links to organizations, domains, or certificates.
---
**4. Neighborhood Analysis**
- Subnet: 176.103.22.0/24.
- Neighbor Risk:
  - 4 siblings analyzed; 3 flagged as high/medium risk (70/55 scores).
  - Subnet abuse density: 60% (moderate risk).
- Recommendation: Monitor neighboring IPs for potential lateral movement or shared infrastructure risks.
---
**5. Security Actions**
- Recommended Controls:
  - Firewall Rules:
    - `iptables -A INPUT -s 176.103.22.73 -j DROP`
    - `nft add rule inet filter input ip saddr 176.103.22.73 drop`
  - WAF Rules:
    - Cloudflare: Block IP with description "IPDebrief risk 55".
    - AWS WAF: Add `176.103.22.73/32` to a rule.
  - Monitoring: Increase logging verbosity for this IP due to elevated risk score.
---
**6. Summary**
The IP is a moderate-risk web server in Ukraine, owned by a local ISP. While no direct malicious activity is detected, its subnet contains higher-risk neighbors. SOC teams should monitor this IP for anomalies, validate its HTTP service security posture, and consider blocking it to mitigate potential lateral threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | DIALOGKOM-MNT |
| ASN | AS56812 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | lighttpd/1.4.39 |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-12 03:43:01 UTC |
| Last Seen | 2026-06-26 14:49:01 UTC |
| Profile Built | 2026-06-26 14:54:46 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 20 |