180.191.169.65
IP Intelligence Briefing: 180.191.169.65
*Generated via IPDebrief Analysis*
---
**Key Findings**
1. Ownership & Geolocation
- Registrar: IRT-GLOBET-PH (Philippines)
- ASN: 132199
- Location: Makati City, Philippines (14.56°N, 121.03°E)
- Network: Part of `180.191.128.0/18` subnet, registered to a Philippine ISP.
2. Threat Indicators
- No Direct Malicious Activity: No indicators of spam, malware, or known attacker activity.
- DNSBL Listings: Listed in 8 DNSBLs (high severity), suggesting potential spam or abuse.
- Subnet Abuse Density: 0% (clean subnet).
3. Network Behavior
- Firewalled/No Services: No open ports or services detected.
- BGP Analysis: Route stability flagged as unstable (low operator score).
- DNSSEC Valid: DNS records are secure.
4. Observation History
- Recent Activity:
- Multi-signal geolocation inference (52% confidence) placing it in the Philippines.
- DNSBL listings (8 total) with high severity.
- No recent threat persistence or network changes.
5. Neighborhood Data
- Subnet: `180.191.169.65/24`
- Neighbors: 1 active sibling IP (`180.191.169.25`) with no risk score.
- Abuse Density: 0% (clean subnet).
---
**Recommended Actions**
1. Monitoring:
- Track DNSBL listings and correlate with email or network traffic.
- Monitor for unexpected geolocation changes or new service activity.
2. Firewall Rules:
- Block traffic from this IP using:
```bash
iptables -A INPUT -s 180.191.169.65 -j DROP
nft add rule inet filter input ip saddr 180.191.169.65 drop
```
- Update WAF rules (Cloudflare, AWS) to block this IP.
3. Investigation:
- Validate DNSBL listings with upstream providers.
- Check for potential spoofing or misconfigured DNS records.
---
**Conclusion**
This IP is registered to a Philippine ISP and shows no direct malicious activity. However, its presence in multiple DNSBLs raises concerns about potential spam or abuse. While the subnet is clean, the IPโs DNSBL listings warrant further investigation. SOC teams should monitor for anomalous behavior and consider blocking traffic from this IP to mitigate risk.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-GLOBET-PH |
| ASN | AS132199 |
| Network Name | GBB-SJN-IP-POOL |
| CIDR Block | 180.191.128.0/18 |
| RIR | APNIC |
| Country | PH |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 14% | 6 | 7 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-24 12:34:13 UTC |
| Last Seen | 2026-06-10 15:10:09 UTC |
| Profile Built | 2026-06-10 15:38:36 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 17 |
Full dossier details are available via our API.