196.50.83.166
IP Intelligence Briefing: 196.50.83.166
Date: 2026-06-07
---
**Core Profile**
- Risk Score: 70/100 (High Risk)
- Ownership:
- ASN: 37650
- Organization: Dewald Van Eck (AFRINIC)
- Network: 196.50.64.0/18
- Geolocation:
- Country: South Africa (ZA)
- City: Lydenburg
- Coordinates: Latitude -29, Longitude 24
- Threat Indicators:
- No direct malicious indicators (no DNS, TLS, or service anomalies).
- Network Role: Unknown (no services, no CDN/mobile/residential flags).
---
**Observation History**
- Recent Activity (Last 30 Days):
- 13 observations, with 7 linked to geolocation and network routing.
- Notable:
- Minimal operator risk score (0.13).
- 18 pulse hits from Alienvault-OTX, linked to potential threat campaigns (exact names redacted).
- DNSSEC validation active, but no CAA records.
- Trend: No persistent malicious activity detected, but elevated risk due to network-level signals.
---
**Relationships**
- Linked Entities:
- All relationships point to ORG-CVAS1-AFRINIC (Dewald Van Eck).
- No external subnets, hostnames, or certificates associated.
- Implication: Isolated within its network; no external connections detected.
---
**Neighborhood Analysis**
- Subnet: 196.50.83.166/24
- Neighbor Data:
- 0 active siblings in the subnet.
- Abuse Density: 0% (no malicious neighbors).
- Anomaly: No neighboring IPs reported, suggesting a standalone or newly registered host.
---
**Recommended Actions**
1. Block the IP:
- Implement firewall rules (iptables, nftables, AWS WAF, etc.) to deny traffic from 196.50.83.166.
- Example:
```bash
iptables -A INPUT -s 196.50.83.166 -j DROP
```
2. Monitor for Anomalies:
- Track DNS and TLS activity for unexpected changes.
- Investigate the 18 pulse hits from Alienvault-OTX to confirm threat context.
3. Verify Ownership:
- Confirm Dewald Van Eckβs legitimacy and check for historical abuse reports on the 196.50.64.0/18 subnet.
---
**Conclusion**
This IP exhibits a high risk score despite no direct malicious indicators, likely due to network-level signals (e.g., pulse hits) or association with a high-risk ASN. While the subnet shows no abuse density, the IPβs isolation and elevated risk warrants proactive blocking and continuous monitoring. Further investigation into the ASNβs historical activity is recommended.
Source: IPDebrief Threat Intelligence Platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Dewald Van Eck |
| ASN | AS37650 |
| Network Name | ORG-CVAS1-AFRINIC |
| CIDR Block | 196.50.64.0/18 |
| RIR | AFRINIC |
| Country | ZA |
| Abuse Contact | β |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 13% | 1 | 1 |
| geolocation | 13% | 1 | 1 |
| Overall | 14% | 7 | 7 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-14 19:28:41 UTC |
| Last Seen | 2026-06-18 13:32:19 UTC |
| Profile Built | 2026-06-07 08:45:49 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 23 |
Full dossier details are available via our API.