Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 176.12.132.63
*Generated via IPDebrief analysis tools*
---
**1. Risk Assessment**
- Risk Score: 80 (High Risk)
- Threat Indicators: No active malware campaigns, spam, or known attacker associations.
- DNSBL Listings: 5/8 DNSBL lists flagged the IP (potential abuse risk).
- Network Stability: Stable BGP routes (no recent changes).
---
**2. Ownership & Geolocation**
- Organization: CELLCOM NOC team (Israel).
- Location: Caesarea, Haifa, Israel (GPS: 31.05°N, 34.85°E).
- ASN: 1680 (RIPE registry).
- Network Role: Web server (ports 443, 22, 8080 open).
---
**3. Network & Service Configuration**
- Services:
  - HTTP/HTTPS (lighttpd/1.4.53).
  - SSH (port 22).
  - HTTP-alt (port 8080).
- TLS: Self-signed certificate (CN=localhost).
- Subnet: 176.12.132.63/24 (abuse density: 1/100).
---
**4. Historical Observations**
- Recent Activity (June 2026):
  - HTTP banners consistent (lighttpd/1.4.53).
  - No detected malware campaigns or anomalous traffic.
  - Geo-validation confirmed plausible location (RTT: 177–259ms).
---
**5. Relationships**
- Linked Networks: Repeatedly associated with "IL-NETVISION-20110518" (likely CELLCOM infrastructure).
- Certificates/Hostnames: No linked domains or TLS certificates.
- DNS: No DNSSEC validation errors; no email auth records (SPF/DKIM).
---
**6. Neighborhood Analysis**
- Subnet: 176.12.132.63/24.
- Neighbors: No active IPs detected in the subnet (0/256).
- Abuse Density: Low (1/100 IPs flagged).
---
**7. Recommendations**
- Monitoring: Continuously monitor for unexpected service changes or port activity.
- Firewall: Block non-essential ports (e.g., 8080) unless required.
- DNSBL Checks: Investigate DNSBL listings to confirm legitimacy.
- Network Context: Correlate with CELLCOM infrastructure for potential insider threats.
---
Note: No immediate actionable threats detected, but the IP's DNSBL status and inherited risk warrant further investigation.
Ownership & Registration
| Organization | CELLCOM NOC team |
| ASN | AS1680 |
| Network Name | - |
| CIDR Block | 176.12.128.0/17 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | - |
| 8080 | http-alt | tcp | - |

| Closed Ports | 25, 80, 3389, 8443 (3 open / 7 scanned) |
| Server | lighttpd/1.4.53 |
| HTTP Title | - |
TLS Certificate
A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.
CN=localhost
Issued by CN=localhost
Self-signed: Yes
| SANs | None |
| Valid From | 2020-06-23T15:06:48+00:00 |
| Valid Until | 2030-06-21T15:06:48+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 00DE72AC1AF46BDA69 |
| Thumbprint | 30332C8E865FD69D6DAA410EC09495BA6072CD48 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 28% | 2 | 3 |
| ownership | 30% | 3 | 4 |
| reputation | 24% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 12 | 20 |
Coverage: 6/6 dimensions · Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-07 23:03:55 UTC |
| Last Seen | 2026-06-26 18:10:48 UTC |
| Profile Built | 2026-06-24 23:28:07 UTC |
| Data Freshness | Fresh |
| Signal Types | 24 |
| Total Observations | 24 |
24 signal types · 24 observations collected
This report is generated from 24+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
About This Report
All data shown is publicly available network metadata; IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.