IPDebrief

196.0.120.211

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 196.0.120.211

*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*

---

**1. Core Profile**

---

**2. Observation History**

- DNSSEC valid, but listed in 2/8 DNSBLs (potential trust risk).

- Pulse count of 50 (unclear context, may indicate benign traffic).

- No persistent threats or campaign correlations.

---

**3. Relationships**

- Linked to ORG-UTL1-AFRINIC (same ASN, AFRINIC-regulated).

- No known connections to malicious organizations, campaigns, or C2 servers.

- PTR record: `xen2.utclonline.co.ug` (co.ug domain).

- No email authentication (SPF/DKIM) detected.

---

**4. Neighborhood Analysis**

- 196.0.120.6 (risk score 50, authority score 60): Moderate risk; investigate for potential lateral movement or shared infrastructure.

---

**5. Recommendations**

---

Conclusion: The IP is associated with a Ugandan telecom provider and shows no direct malicious activity. However, the presence of a moderately risky neighbor and DNSBL listings warrants further investigation. SOC teams should prioritize monitoring the subnet and validating DNS configurations.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐ŸŒ UG
RegionC
CityKampala
Timezoneโ€”
Latitude0.32
Longitude32.57

๐Ÿข Ownership & Registration

OrganizationKevin Mugaya Francis
ASNAS21491
Network NameORG-UTL1-AFRINIC
CIDR Block196.0.0.0/16
RIRAFRINIC
CountryUG
Abuse Contactโ€”

๐ŸŒ DNS Intelligence

PTRxen2.utclonline.co.ug
Forward ConfirmedYes โ€” FCrDNS verified
Forward Hostnamesxen2.utclonline.co.ug

๐Ÿ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSVerified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierTier 3 โ€” Basic operator with some routing infrastructure
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
34%
24
routing
13%
11
services
26%
23
ownership
15%
22
reputation
23%
13
geolocation
13%
11
Overall21%914
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-07 23:04:05 UTC
Last Seen2026-06-23 03:42:50 UTC
Profile Built2026-06-23 03:50:03 UTC
Data FreshnessLive
Signal Types19
Total Observations22
๐Ÿ” 19 signal types ยท 22 observations collected
This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.