IP Intelligence Briefing: 196.0.120.211
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership: Registered to Kevin Mugaya Francis (AS21491, Uganda Telecom, AFRINIC).
- Geolocation: Kampala, Uganda (0.32°N, 32.57°E).
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP activity).
- Threat Indicators: No direct malicious signals (no abuse confidence, no blacklists, no campaigns).
---
**2. Observation History**
- Latest Activity: 2026-06-17 (confidence 0.95).
- Key Signals:
  - DNSSEC valid, but listed in 2/8 DNSBLs (potential trust risk).
  - Pulse count of 50 (unclear context, may indicate benign traffic).
  - No persistent threats or campaign correlations.
- Trends: No significant changes in risk scores or geolocation over time.
---
**3. Relationships**
- Network Connections:
  - Linked to ORG-UTL1-AFRINIC (same ASN, AFRINIC-regulated).
  - No known connections to malicious organizations, campaigns, or C2 servers.
- DNS:
  - PTR record: `xen2.utclonline.co.ug` (co.ug domain).
  - No email authentication (SPF/DKIM) detected.
---
**4. Neighborhood Analysis**
- Subnet: 196.0.120.211/24.
- Abuse Density: 1/10 (low risk).
- Neighbors:
  - 196.0.120.6 (risk score 50, authority score 60): Moderate risk; investigate for potential lateral movement or shared infrastructure.
---
**5. Recommendations**
- Monitor Neighbors: Focus on 196.0.120.6 for anomalies (e.g., unexpected traffic patterns).
- Verify DNSSEC: Confirm DNSSEC validity and review DNSBL listings for potential misconfigurations.
- Network Segmentation: Ensure firewalled subnets (e.g., 196.0.120.0/24) are isolated from critical assets.
- Threat Intelligence: Cross-reference with DNSBLs and regional threat feeds (AFRINIC/Uganda-specific).
---
Conclusion: The IP is associated with a Ugandan telecom provider and shows no direct malicious activity. However, the presence of a moderately risky neighbor and DNSBL listings warrants further investigation. SOC teams should prioritize monitoring the subnet and validating DNS configurations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Kevin Mugaya Francis |
| ASN | AS21491 |
| Network Name | ORG-UTL1-AFRINIC |
| CIDR Block | 196.0.0.0/16 |
| RIR | AFRINIC |
| Country | UG |
| Abuse Contact | - |
DNS Intelligence
| PTR | xen2.utclonline.co.ug |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | xen2.utclonline.co.ug |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:05 UTC |
| Last Seen | 2026-06-23 03:42:50 UTC |
| Profile Built | 2026-06-23 03:50:03 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |