IPDebrief

194.124.211.70

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 194.124.211.70

Date: 2026-06-07

---

**1. Core Profile**

- ASN: 50053

- Organization: Anton Levin

- Location: Netherlands (NL)

- Latitude: 52.13 | Longitude: 5.29

- Timezone: Europe/Amsterdam

- Service: Web server (HTTPS/SSH)

- CDN: Cloudflare (server banner: "cloudflare")

- TLS Certificate: Issued to "www.cloudflare.com"

---

**2. Threat Indicators**

- No malware indicators, blacklist entries, or known attacker associations.

- DNS Resolution: Errors encountered during DNS lookups (likely internal or misconfigured).

- Observed in 28 signals over 30 days (last 6/6/2026).

- Cloudflare Usage: Persistent HTTPS service with HTTP/2.

- DNSSEC Valid: True; DNSBL listings (2/8 total).

---

**3. Network Relationships**

- Abuse Density: 0% (subnet classified as "mostly_clean").

- Active Siblings: 0 | Threat Siblings: 1 (no direct connections).

- Linked to 30+ network entities (e.g., "NET-NL" networks).

- DNS errors suggest potential misconfiguration or internal testing.

---

**4. Recommended Actions**

- Block the IP using:

```bash

iptables -A INPUT -s 194.124.211.70 -j DROP

nft add rule inet filter input ip saddr 194.124.211.70 drop

```

- Update Cloudflare/WAF rules to block the IP (see `ipdebrief_actions` for full configs).

- Investigate DNS resolution errors; verify if the IP is part of internal testing.

- Monitor for unexpected TLS certificate changes or new subdomains.

---

**5. Summary**

This IP is associated with a Cloudflare-hosted web server and shows no direct malicious activity. While its risk score is moderate, the DNS resolution errors and subnet abuse density warrant closer scrutiny. Use the provided firewall rules as a precaution, but prioritize further investigation into the DNS anomalies and network relationships.

Next Steps: Validate DNS errors with internal teams; correlate with other threat intelligence sources.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡ณ๐Ÿ‡ฑ Netherlands
RegionDrenthe
Cityโ€”
TimezoneEurope/Amsterdam
Latitude52.13
Longitude5.29

๐Ÿข Ownership & Registration

OrganizationAnton Levin
ASNAS50053
Network Nameโ€”
CIDR Block194.124.211.0/24
RIRRIPE
Countryโ€”
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)

๐Ÿ” DNS Hygiene

Hygiene Score80% (Excellent)
SPFPresent
DMARCPresent
FCrDNSNot verified
DNSSECValid
CAAPresent

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierTier 3 โ€” Basic operator with some routing infrastructure
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
443httpstcpโ€”
22sshtcp
Closed Ports25, 80, 3389, 8080, 8443 (2 open / 7 scanned)
Servercloudflare
HTTP Titleโ€”
SSH VersionSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

๐Ÿ” TLS Certificate

๐Ÿ”’
CN=www.cloudflare.com
Issued by CN=WE1, O=Google Trust Services, C=US
Self-signed: No
SANswww.cloudflare.com
Valid From2026-05-07T16:54:23+00:00
Valid Until2026-08-05T17:54:15+00:00

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
40%
25
routing
27%
23
services
29%
24
ownership
30%
34
reputation
22%
13
geolocation
27%
23
Overall29%1222
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-13 19:04:33 UTC
Last Seen2026-06-06 23:41:36 UTC
Profile Built2026-06-07 00:15:24 UTC
Data FreshnessLive
Signal Types26
Total Observations28
๐Ÿ” 26 signal types ยท 28 observations collected
This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.