IP INTELLIGENCE BRIEFING: 183.82.120.244
Date: [Current Date]
Classification: Moderate Risk
Risk Score: 65/100
---
**Executive Summary**
IP address 183.82.120.244 is a web server infrastructure endpoint registered to Technical Admin Beam Cable System (ASN 18209) within the 183.82.120.128/25 CIDR block. The IP presents a moderate risk profile with elevated threat indicators, including multiple blacklist listings (3/8 total), DNSBL enumeration, and residential infrastructure characteristics. SOC analysts should monitor activity from this IP for potential abuse campaigns.
---
**Infrastructure Profile**
| Attribute | Value |
|---|---|
| **IP Address** | 183.82.120.244/32 |
| **ASN** | 18209 |
| **Organization** | Technical Admin Beam Cable System |
| **Netname** | Beam-BRAS-Pools |
| **Location** | Hyderabad, India (IN) |
| **Service** | Web Server (HTTPS:443) |
| **DNS Hostname** | 183.82.120.244.actcorp.in |
| **TLS Certificate** | CN=firepower |
| **DNSSEC** | Valid |
---
**Threat Intelligence Indicators**
- Abuse Confidence: Multiple DNSBL listings detected (3 of 8 lists)
- Blacklist Status: Listed on 8 total reputation sources
- Infrastructure Type: Residential characteristics observed in historical signals
- Risk Classification: Moderate risk (65/100) with high-severity blacklist flags
- Campaign Correlation: No active campaign matches identified
- Tor/Proxy/VPN: Negative indicators
---
**Observation History**
Analysis of 25 historical observations reveals:
- Recent blacklist activity with high-severity ratings
- DNSSEC validation failures recorded in prior observations
- Infrastructure classification fluctuated between residential and hosting categories
- 25 threat observation events recorded with persistent monitoring required
---
**Network Neighborhood Analysis**
Subnet: 183.82.120.244/24
- Total Siblings: 2 active IPs
- Abuse Density: 0
- Risk Distribution: 1 medium-risk neighbor (183.82.120.1, Risk Score: 40)
- Neighborhood Classification: Mostly clean
---
**Control Plane Data**
- BGP Prefix: 183.82.96.0/19
- Route Stability: Flagged as unstable
- RPKI Status: Not evaluated
- DNSBL Listing: 3 lists (8 total)
---
**Recommended Security Actions**
Priority: High
1. Firewall Rule: Block traffic from 183.82.120.244/32
   - `iptables -A INPUT -s 183.82.120.244 -j DROP`
   - `nft add rule inet filter input ip saddr 183.82.120.244 drop`
   - Cloudflare WAF: Block via expression `ip.src eq 183.82.120.244`
2. Monitoring Enhancement: Increase logging verbosity and review recent activity from this IP due to elevated risk score (65/100)
3. AWS WAF: Add 183.82.120.244/32 to IPSet for blocking
---
**Intelligence Assessment**
The IP exhibits characteristics consistent with compromised or abused residential infrastructure. The combination of moderate risk scoring, multiple blacklist listings, and residential signal indicators suggests potential use for spam, scanning, or other abusive activities. While no active campaign correlation exists, the elevated risk profile warrants defensive blocking and enhanced monitoring.
Status: Active threat indicator requiring mitigation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Attribute | Value |
|---|---|
| Organization | Technical Admin Beam Cable System |
| ASN | AS18209 |
| Network Name | Beam-BRAS-Pools |
| CIDR Block | 183.82.120.128/25 |
| RIR | APNIC |
| Country | IN |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| Attribute | Value |
|---|---|
| PTR | 183.82.120.244.actcorp.in |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 183.82.120.244.actcorp.in |
**DNS Hygiene**
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Not signed |
| CAA | Not configured |
**Network Classification**
| Attribute | Value |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User - Residential ISP endpoint |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
CN=firepower was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | 2022-08-27T06:47:04+00:00 |
| Valid Until | 2024-11-29T06:47:04+00:00 (expired) |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 825 days |
| Serial Number | 2BD6B745A138815DBDC3D29C1C92EC70D7749D24 |
| Thumbprint | E7829E344E3BDFCEFC5CE033F56EEDB603D41FB3 |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 25% | 2 | 4 |
| ownership | 24% | 2 | 3 |
| reputation | 19% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline**
| Attribute | Value |
|---|---|
| First Seen | 2026-05-08 11:10:08 UTC |
| Last Seen | 2026-06-25 05:26:05 UTC |
| Profile Built | 2026-06-25 05:36:11 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |