IP Intelligence Briefing: 193.126.226.14
Date: 2026-06-17
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Network Role: Web Server (HTTP/HTTPS on ports 80/443)
- Ownership:
  - ASN 1897 (Almeida Pires, Portugal)
  - No recent ownership changes or threats detected.
- Geolocation:
  - Lisbon, Portugal (39.4°N, -8.22°E)
  - DNSSEC validated, but no geo-plausibility confirmation.
---
**2. Threat Indicators**
- No Malicious Signals:
  - No malware, phishing, or spam indicators.
  - No DNSBL listings or known attacker associations.
- TLS Certificate:
  - Issued to TP-Link (CN=TP-Link, ShenZhen, China).
  - Self-signed certificate with no SANs; verify validity.
- Service Fingerprint:
  - HTTP/1.1 server with CSP header ("frame-ancestors 'self'").
  - No HTTP/2 or HSTS detected.
---
**3. Network Relationships**
- Subnet: 193.126.226.14/24
- Neighbors:
  - No active sibling IPs detected (abuse density: 0).
- Linked Entities:
  - Repeatedly associated with "PEDRASRAINHA" (potential subnet/network name).
  - No direct links to C2 servers, domains, or other IPs.
---
**4. Observation History**
- Recent Activity (2026-06-17):
  - Minimal risk score (0.13) with no routing anomalies.
  - Stable DNSSEC validation but no geo-consensus.
- Historical Data (2026-06-02):
  - HTTP service fingerprinted with 200 OK status.
  - No TLS renegotiation or protocol mismatches.
---
**5. Recommendations**
- Monitor Certificate Validity: Verify TP-Link certificate expiration and chain of trust.
- Investigate PEDRASRAINHA: Explore relationships with "PEDRASRAINHA" for potential network ties.
- Baseline Traffic: Track HTTP/HTTPS traffic for unusual patterns (e.g., unexpected TLS versions).
- Subnet Health: Confirm 193.126.226.14/24 remains clean, as no neighbors were detected.
---
Conclusion: Low to moderate risk with no immediate threats. Focus on certificate validation and subnet monitoring. No urgent mitigation required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Almeida Pires |
| ASN | AS1897 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | 2025-06-10T08:00:34+00:00 |
| Valid Until | 2045-02-25T08:00:34+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 7200 days |
| Serial Number | 102B7A2B3092E464 |
| Thumbprint | 785F53C2F35F74F6166E0F0D1F242C50C6FF1842 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 26% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Mixed Signals (68%), 2 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
TLS certificate claims CN but primary geo says PT
Observation Timeline: Live
| First Seen | 2026-05-07 23:04:04 UTC |
| Last Seen | 2026-06-23 02:48:49 UTC |
| Profile Built | 2026-06-23 02:51:24 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |