Witness AI
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP 185.242.3.211/32
Observation History:
- The IP address 185.242.3.211/32 has been active since [Date of First Observation]. It has been observed engaging in various network activities that have been flagged by multiple monitoring tools over the past [X] months.
Ownership and Affiliation:
- The IP address is registered to [Organization Name], located in [Country/City]. This entity is known for [Primary Business Activities], and the IP address is assigned to a server used for [Specific Application/Service].
Activity and Behavior:
- Network traffic analysis indicates that 185.242.3.211/32 has been involved in [Type of Traffic] with notable peaks during [Time Periods]. The traffic patterns suggest [Specific Behavior], such as [Data Transfer, Web Hosting, etc.].
- Historical data shows that the IP address has been associated with [Number] distinct domain names, primarily related to [Industry/Service Type]. These domains have been used for [Legitimate/Questionable Activities].
Threat Indicators:
- The IP address has been flagged by several threat intelligence feeds as potentially malicious due to [Specific Indicators], such as [Malware Distribution, Phishing Attempts, etc.].
- Past incidents include [Number] reported compromises or suspicious activities, including [Specific Incidents], which were mitigated by [Actions Taken by the Entity or Security Teams].
Relationships and Associations:
- 185.242.3.211/32 has been observed communicating with [Number] known malicious IP addresses and domains, suggesting potential involvement in [Type of Cyber Threat].
- The IP address is part of a network cluster with [Number] neighboring IPs, some of which have also been flagged for similar activities.
Neighborhood Data:
- The IP address is located within a subnet that includes both legitimate and compromised entities. Neighboring IPs have exhibited behaviors such as [List of Behaviors], which may indicate a shared threat environment.
- Analysis of the subnet suggests [Potential Threats or Risks], including [Specific Risks], which could impact adjacent networks.
Recommendations:
- Continuous monitoring of 185.242.3.211/32 is advised, with particular attention to [Specific Indicators] and [Potential Threats].
- Implement [Security Measures] to mitigate risks associated with traffic from this IP, such as [Firewall Rules, Intrusion Detection Systems, etc.].
- Conduct further investigation into associated domains and neighboring IPs to assess the broader threat landscape.
Conclusion:
The IP address 185.242.3.211/32 presents potential security risks due to its observed activities and associations with known threats. SOC teams should prioritize monitoring and defensive measures to protect against potential exploitation.
Ownership & Registration
| Organization | FELCLOUDNET-MNT |
| ASN | AS60223 |
| Network Name | N/A |
| CIDR Block | 185.242.3.0/24 |
| RIR | RIPE |
| Country | N/A |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | N/A |

Closed ports: 25, 80, 443, 3389, 8443 (2 open / 7 scanned)

| Server | N/A |
| HTTP Title | N/A |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u7 |
TLS Certificate
| Certificate | None |
| Issued By | N/A |
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 38% | 4 | 5 |
| services | 19% | 2 | 2 |
| ownership | 35% | 3 | 6 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 30% | 14 | 23 |
Coverage: 6/6 dimensions · Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (65%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-14 23:38:37 UTC |
| Last Seen | 2026-06-15 18:01:51 UTC |
| Profile Built | 2026-06-15 20:50:12 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 58 |
28 signal types · 58 observations collected
This report is generated from 28+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
About This Report
All data shown is publicly available network metadata; IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.