IP Intelligence Briefing: 194.124.211.70
Date: 2026-06-07
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership:
  - ASN: 50053
  - Organization: Anton Levin
  - Location: Netherlands (NL)
- Geolocation:
  - Latitude: 52.13 | Longitude: 5.29
  - Timezone: Europe/Amsterdam
- Network Role:
  - Service: Web server (HTTPS/SSH)
  - CDN: Cloudflare (server banner: "cloudflare")
  - TLS Certificate: Issued to "www.cloudflare.com"
---
**2. Threat Indicators**
- No Direct Threats:
  - No malware indicators, blacklist entries, or known attacker associations.
  - DNS Resolution: Errors encountered during DNS lookups (likely internal or misconfigured).
- Historical Activity:
  - Observed in 28 signals over 30 days (last 6/6/2026).
  - Cloudflare Usage: Persistent HTTPS service with HTTP/2.
  - DNSSEC Valid: True; DNSBL listings (2/8 total).
---
**3. Network Relationships**
- Subnet: 194.124.211.0/24
- Neighbors:
  - Abuse Density: 0% (subnet classified as "mostly_clean").
  - Active Siblings: 0 | Threat Siblings: 1 (no direct connections).
- Associations:
  - Linked to 30+ network entities (e.g., "NET-NL" networks).
  - DNS errors suggest potential misconfiguration or internal testing.
---
**4. Recommended Actions**
- Firewall Rules:
  - Block the IP using:
    ```bash
    # iptables: drop all inbound traffic from this source address
    iptables -A INPUT -s 194.124.211.70 -j DROP
    # nftables equivalent (requires an existing inet table "filter" with an "input" chain)
    nft add rule inet filter input ip saddr 194.124.211.70 drop
    ```
  - Update Cloudflare/WAF rules to block the IP (see `ipdebrief_actions` for full configs).
- Monitoring:
  - Investigate DNS resolution errors; verify if the IP is part of internal testing.
  - Monitor for unexpected TLS certificate changes or new subdomains.
---
**5. Summary**
This IP is associated with a Cloudflare-hosted web server and shows no direct malicious activity. While its risk score is moderate, the DNS resolution errors and subnet abuse density warrant closer scrutiny. Use the provided firewall rules as a precaution, but prioritize further investigation into the DNS anomalies and network relationships.
Next Steps: Validate DNS errors with internal teams; correlate with other threat intelligence sources.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Anton Levin |
| ASN | AS50053 |
| Network Name | - |
| CIDR Block | 194.124.211.0/24 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | cloudflare |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
| SANs | www.cloudflare.com |
| Valid From | 2026-05-07T16:54:23+00:00 |
| Valid Until | 2026-08-05T17:54:15+00:00 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 5 |
| routing | 27% | 2 | 3 |
| services | 29% | 2 | 4 |
| ownership | 30% | 3 | 4 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 29% | 12 | 22 |

| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-13 19:04:33 UTC |
| Last Seen | 2026-06-06 23:41:36 UTC |
| Profile Built | 2026-06-07 00:15:24 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 28 |
Full dossier details are available via our API.