IP Intelligence Briefing: 196.190.43.162
Date: 2026-06-17
Risk Profile:
- Risk Score: 80/100 (High Risk)
- Provider: Ethio Telecom (AS24757)
- Geolocation: Milan, Italy (IT)
- Network Role: Firewalled / No Services (no open ports, TLS, or HTTP activity detected).
Threat Indicators:
- Listed in 4/8 DNSBLs (high-severity threat feeds).
- Subnet abuse density: 1 (mostly clean, but 2/2 sibling IPs flagged).
- No active campaigns, spam, or Tor associations.
Observation History:
- Observed on 2026-06-14 and 2026-06-17, with DNSBL listings and network analysis.
- No persistent malicious activity or ownership changes.
Relationships:
- Linked to subnet 196.190.43.0/24 (Ethio Telecom).
- Neighboring IPs:
  - 196.190.43.161 (risk score: 80).
Recommended Actions:
1. Block the IP across firewalls (iptables, nftables, Cloudflare WAF, AWS WAF).
2. Monitor DNSBL listings and subnet activity for lateral movement.
3. Verify if the IP is part of a broader network compromise due to its high-risk neighbor.
Context:
The IP's high risk stems from DNSBL associations and subnet abuse density, but no direct malicious services or campaigns are detected. SOC teams should prioritize blocking and investigate potential linked assets.
Source: IPDebrief Threat Intelligence Platform.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Ethio Telecom |
| ASN | AS24757 |
| Network Name | 196.190.43.0 - 196.190.43.255 |
| CIDR Block | 196.190.43.0/24 |
| RIR | AFRINIC |
| Country | ET |
| Abuse Contact | - |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User - Residential ISP endpoint |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13 |
TLS Certificate
| SANs | atrons.com.et, www.atrons.com.et |
| Valid From | 2026-06-15T20:49:41+00:00 |
| Valid Until | 2026-09-13T20:49:40+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 05E11173CE27970FDCE9013DF07040A86978 |
| Thumbprint | B127092914A7B8357487245CF8B615F82603DC13 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 21% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 18% | 8 | 12 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:05 UTC |
| Last Seen | 2026-06-26 18:11:01 UTC |
| Profile Built | 2026-06-26 04:39:32 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |