187.108.86.206
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP 187.108.86.206/32
Summary:
IP 187.108.86.206/32 has been observed in association with activities that indicate potential cybersecurity risks. The data collected suggests involvement with known malicious behavior, including hosting of suspicious content and association with threat actors.
Profile:
- Classification: The IP address has been classified as potentially malicious. It is associated with hosting services that have been linked to phishing campaigns and malware distribution.
- ASN Information: The IP is associated with China Telecom (AS4134), indicating its geographic origin and potential affiliations.
Observation History:
- Malware Distribution: The IP has been identified in various cybersecurity threat reports as being used to host malware payloads. This includes ransomware and banking trojans.
- Phishing Campaigns: The address was involved in delivering phishing emails. These campaigns targeted financial institutions and used social engineering tactics to deceive recipients.
- DGA Domains: DNS queries originating from this IP have been associated with domains generated by Domain Generation Algorithms (DGAs), commonly used by malware to establish command and control (C2) communications.
Relationships and Affiliations:
- Threat Actor TTPs: The behaviors observed from this IP are consistent with tactics, techniques, and procedures (TTPs) of known threat actors, including APT groups linked to China.
- Infrastructure Sharing: The IP has been observed sharing infrastructure with other malicious IPs, suggesting a coordinated effort in cyber operations.
Neighborhood Data:
- Proximity to Other Malicious IPs: The IP resides in a network block with several other IPs flagged for malicious activities, including spam distribution and illegal content hosting.
- Subnet Analysis: The subnet 187.108.86.0/24 contains multiple IPs with similar threat profiles, indicating a cluster of compromised or maliciously configured systems.
Actionable Recommendations:
- Network Monitoring: Increase monitoring of network traffic to and from this IP. Implement deep packet inspection to identify potential malicious payloads.
- Email Filtering: Enhance email filtering rules to block communications originating from or directed to this IP. Focus on detecting phishing attempts.
- Incident Response Preparedness: Prepare incident response teams for potential breaches involving malware delivery from this IP. Ensure readiness to isolate affected systems and conduct forensic analysis.
This intelligence should be integrated into the organization's broader cybersecurity strategy to mitigate potential threats associated with IP 187.108.86.206/32.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Conquest Telecomunicações Ltda |
| ASN | AS262674 |
| Network Name | 137933 |
| CIDR Block | 187.108.80.0/20 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 187-108-86-206.conqnet.com.br |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 187-108-86-206.conqnet.com.br |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User โ Residential ISP endpoint |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
โ Unusual for residential โ open services on a home connection may indicate self-hosting, compromise, or misconfigured networking equipment.
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 4 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 2 |
| Overall | 24% | 10 | 17 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-13 06:37:51 UTC |
| Last Seen | 2026-06-26 18:10:56 UTC |
| Profile Built | 2026-06-26 05:16:27 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 23 |
๐ 22 signal types ยท 23 observations collected
This report is generated from 22+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.