188.143.232.79

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 188.143.232.79/32

## Executive Summary

The IP address 188.143.232.79 is a Russian-based endpoint (St. Petersburg) operating under ASN 34665 (Leon Lundberg). The address exhibits a moderate risk score of 40 and is classified as "firewalled / no services" with no active network services detected. However, the address resides within a high-abuse subnet (188.143.232.0/24) with an abuse density of 0.707 and 181 threat-sibling IPs, warranting elevated monitoring.

## Ownership and Geolocation

ASN: 34665
Organization: Leon Lundberg
Registry: RIPE
Location: St. Petersburg, Russia (RU)
Registration: Contact available via RDAP

## Network Classification and Services

Service Purpose: Firewalled / No Services
Open Ports: None detected
DNS Records: No PTR hostnames, no forward resolution
TLS/HTTPS: No certificates detected
Email Authentication: No SPF or DMARC records
Network Role: Not classified as CDN, hosting, VPN, proxy, or Tor exit node

## Threat Indicators

Abuse Confidence: Not explicitly scored
Blacklist Count: 0
DNSBL Listings: 1 of 8 lists (dnsblListedCount)
Tor Exit Node: No
Known Attacker/Spam Source: Not flagged
Threat Feeds: Empty

## Historical Observations

Analysis of 22 observation events reveals:

Most Recent (2026-06-24): Minimal risk operator score (0)
Previous (2026-06-04): Minimal risk operator score (0.2174)
Subnet Classification: High abuse density (0.707) observed
Threat Persistence: Single observation, not persistently malicious

## Neighborhood Analysis (188.143.232.0/24)

Total Subnet IPs: 256
Active Siblings: 109
Threat Siblings: 181
Risk Distribution: 0 high, 30 medium, 70 low
Inherited Risk Score: 28
Key Neighbor IPs: Multiple IPs with risk score 25, authority score 50

## Network Relationships

44 relationships identified, predominantly same-network associations with "LeonLundberg-net" network objects, indicating cluster-based network organization.

## Recommended Security Actions

Monitor: This IP should be placed under heightened monitoring due to its subnet's high abuse density
Block/Allow Decision: No direct services detected; however, the subnet context suggests blocking may be warranted
Correlation: Investigate other 181 threat-sibling IPs within the /24 subnet for coordinated activity
Geo-Filtering: Consider geo-blocking for Russia if policy allows, given the location and subnet abuse profile

## Conclusion

This IP address demonstrates moderate risk in isolation but presents elevated contextual risk due to its residence within a high-abuse subnet. The "firewalled" status with no open services suggests the IP may be dormant or intentionally concealed. SOC analysts should treat traffic from this subnet with caution and investigate the 181 threat-sibling IPs for potential coordinated malicious activity.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇷🇺 Russia
Region	St.-Petersburg
City	St Petersburg
Timezone	—
Latitude	59.90
Longitude	30.26

🏢 Ownership & Registration

Organization	Leon Lundberg
ASN	AS34665
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	13%	1	1
services	11%	1	2
ownership	20%	2	3
reputation	19%	1	3
geolocation	24%	2	3
Overall	18%	9	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:47 UTC
Last Seen	2026-06-26 18:11:47 UTC
Profile Built	2026-06-24 03:51:21 UTC
Data Freshness	Live
Signal Types	20
Total Observations	26

🔍 20 signal types · 26 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

188.143.232.79📋 Copy