181.191.223.244
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 181.191.223.244
Date: 2026-06-05
---
**1. Core Profile**
- Risk Score: 55 (Moderate Risk)
- Ownership:
- ISP: CONEXIONSUR ISP S.R.L (AS264619)
- Country: Argentina (AR)
- Region: Buenos Aires F.D.
- City: Buenos Aires
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or abuse reports).
- Network Role: Single-service host (SSH on port 22).
---
**2. Observation History (Last 30 Days)**
- Geolocation Consistency: Stable in Buenos Aires, Argentina (MaxMind geolocation).
- Network Changes: No ownership changes or persistent malicious activity.
- Service Activity:
- SSH running (Dropbear banner).
- No TLS certificate or HTTP service detected.
- No DNS resolution or email auth configuration.
---
**3. Relationships & Subnet Context**
- Subnet: 181.191.223.0/24
- Abuse Density: 33% (mixed risk).
- Neighbors:
- High-risk neighbors: 3 IPs (scores 80).
- Medium-risk neighbors: 4 IPs (scores 55).
- Low-risk neighbors: 2 IPs (scores 20).
- Shared Network: Linked to 181.191.220.0/22 (CONEXIONSUR ISP S.R.L).
---
**4. Threat & Security Analysis**
- No Direct Threats: No malware, phishing, or exploit indicators.
- Subnet Risk: Elevated abuse density suggests potential for lateral movement or compromised hosts.
- SSH Security: Dropbear SSH detected; ensure TLS is configured to prevent eavesdropping.
- DNS/Email Vulnerabilities: Missing DNSSEC, SPF, and DMARC records.
---
**5. Recommended Actions**
- Monitor Subnet: Investigate high-risk neighbors for coordinated attacks.
- Secure SSH: Enable TLS for SSH and restrict access to trusted IPs.
- Validate DNS: Configure DNSSEC and email authentication (SPF/DKIM/DMArc) to mitigate spoofing.
- Network Segmentation: Isolate critical services to limit lateral movement if the subnet is compromised.
---
Summary: 181.191.223.244 is a legitimate ISP-owned server with no direct threats but resides in a subnet with elevated risk. Focus on subnet-level monitoring and securing SSH/DNS configurations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | CONEXIONSUR ISP S.R.L |
| ASN | AS264619 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | LACNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-dropbear ?a??2?????????@?Scurve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-h |
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 5 |
| routing | 19% | 1 | 2 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 26% | 1 | 4 |
| geolocation | 23% | 2 | 2 |
| Overall | 26% | 10 | 18 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 06:37:38 UTC |
| Last Seen | 2026-06-25 14:02:07 UTC |
| Profile Built | 2026-06-06 18:44:21 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 22 |
๐ 18 signal types ยท 22 observations collected
This report is generated from 18+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.