IP Intelligence Briefing: 185.214.138.88
*Generated for SOC Analysts*
---
**Key Findings**
1. Risk Profile:
- Risk Score: 80 (High Risk)
- Ownership: Registered to Antonio Alcaraz (ASN 41368).
- Geolocation: Spain (Los Gallardos, Andalusia).
- Network Role: Web server (HTTPS on port 443).
- Threat Indicators: No direct malicious activity detected, but 4 DNSBL listings (e.g., Spamhaus, OpenBL).
2. Subnet Analysis:
- /24 Network: 185.214.138.0/24.
- Abuse Density: 8.3% (1 high-risk neighbor, 10 medium-risk, 1 low-risk).
- Notable Neighbor: 185.214.138.24 (risk score 80).
3. Historical Observations:
- Recent activity (June 7, 2026) shows minimal risk, but older data indicates inconsistent DNSSEC validation and DNSBL associations.
4. Relationships:
- Linked to ES-NEXTCOMUNICACIONES-IN (AS41368).
- No direct connections to known malicious entities.
---
**Actionable Insights**
- Monitor Subnet: The /24 subnet has an 8.3% abuse density, with one high-risk neighbor. Investigate 185.214.138.24 for potential lateral movement.
- Check DNSBL Listings: Verify if the IP is flagged on Spamhaus or OpenBL.
- Validate Geolocation: Confirm the IP's location in Spain aligns with the registered organization.
- Inspect TLS Certificates: Ensure the HTTPS service (port 443) uses valid certificates and does not exhibit misconfigurations.
---
**Recommendations**
- Firewall Rules: Block traffic from high-risk neighbors (e.g., 185.214.138.24) using iptables/nftables.
- DNS Monitoring: Track DNSSEC validation failures and DNSBL updates for this subnet.
- Threat Hunting: Correlate with other IPs in the ES-NEXTCOMUNICACIONES-IN ASN for potential network-wide threats.
*Generated via IPDebrief threat intelligence tools.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Antonio Alcaraz |
| ASN | AS41368 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | RIPE |
| Country | n/a |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | n/a |

Closed ports: 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned).

| Field | Value |
|---|---|
| Server | n/a |
| HTTP Title | n/a |
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 2 |
| routing | 23% | 1 | 1 |
| services | 31% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 27% | 2 | 2 |
| Overall | 27% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline**
| Field | Value |
|---|---|
| First Seen | 2026-05-14 07:13:44 UTC |
| Last Seen | 2026-06-26 18:10:54 UTC |
| Profile Built | 2026-06-26 10:25:20 UTC |
| Data Freshness | Fresh |
| Signal Types | 18 |
| Total Observations | 18 |