IP Intelligence Briefing: 185.255.212.23
Date: 2026-06-17
---
**1. Risk Profile**
- Risk Score: 55 (Moderate Risk)
- Threat Indicators: No known malicious activity, spam, or attacker associations.
- Network Role: Web server (port 443 open via HTTPS).
- Geolocation: Bulgaria (BG), Burgas region, Karnobat city (latitude 42.73, longitude 25.49).
---
**2. Ownership & Infrastructure**
- ASN: 200475 (IPACCT-MNT registry).
- Subnet: 185.255.212.0/22.
- Network Classification: Mixed-use subnet (7 high-risk, 21 medium-risk neighbors).
- DNS: Associated with `185.255.212.23.ip.karnobat.net`.
---
**3. Threat & Historical Context**
- Observations:
  - Minimal risk detected in recent scans (confidence: 60%).
  - Mixed signals over 30 days (confidence: 21.5%).
  - No persistent malicious activity or campaign correlations.
- Neighborhood Risk: 28 sibling IPs in the /24 subnet; 10 flagged as high-risk.
---
**4. Relationships & Dependencies**
- Linked Entities:
  - Same network: BG-KARNOBATNET.
  - DNS: `185.255.212.23.ip.karnobat.net`.
- Routing: BGP prefix `185.255.212.0/22` with stable route (no recent changes).
---
**5. Recommendations**
- Monitor Neighbors: 10 high-risk IPs in the same subnet may indicate network compromise.
- Verify DNS: Investigate `karnobat.net` for potential spoofing or misconfigurations.
- Traffic Analysis: Scrutinize HTTPS traffic to ensure no unexpected data exfiltration.
- Subnet Review: Assess the /22 subnet for broader risk exposure.
---
Summary: 185.255.212.23 is a moderate-risk web server in Bulgaria with no direct threat indicators. However, its /24 subnet contains multiple high-risk neighbors, which warrants closer monitoring. No immediate action is required, but the finding should be read in the context of the broader network security posture.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IPACCT-MNT |
| ASN | AS200475 |
| Network Name | - |
| CIDR Block | 185.255.212.0/22 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 185.255.212.23.ip.karnobat.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | 185.255.212.23.ip.karnobat.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 26% | 2 | 3 |
| ownership | 29% | 3 | 4 |
| reputation | 17% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 27% | 12 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:01 UTC |
| Last Seen | 2026-06-23 01:13:13 UTC |
| Profile Built | 2026-06-23 01:20:02 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 28 |