# INTELLIGENCE BRIEFING: 197.232.33.198/32
Date: 2026-06-18
Classification: Moderate Risk
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP address 197.232.33.198 is classified as Moderate Risk (Risk Score: 40) with no active threat indicators. The address is associated with ASN 36866 (Michael Odongo) and is geolocated to London, GB. Network reconnaissance indicates the IP is firewalled with no open services or active ports.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **ASN** | 36866 |
| **Organization** | Michael Odongo |
| **CIDR Block** | 197.232.33.0/24 |
| **RIR** | AfriNIC |
| **Registration** | 7,594 days (RIR delegation) |
| **BGP Prefix** | 197.232.0.0/16 |
| **Route Stability** | Stable (No route changes in 30 days) |
Network Transit: Traffic routes through Comcast and Cogent transit networks. RPKI and DNSSEC validation confirmed.
---
## THREAT ASSESSMENT
Current Risk Profile:
- Risk Score: 40 (Moderate)
- Abuse Confidence: Not elevated
- Blacklist Count: 0
- Known Campaigns: None detected
Threat Indicators:
- Not a Tor exit node
- Not classified as known attacker
- Not identified as spam source
- No threat feed matches
- No associated malware campaigns
Network Classification:
- Service Purpose: Firewalled / No Services
- Infrastructure Type: Not CDN, cloud, VPN, proxy, hosting, mobile, or residential
- Bogon Status: No
---
## GEOLOCATION VALIDATION
| Attribute | Value |
|---|---|
| **Country** | United Kingdom (GB) |
| **City** | London |
| **GeoPlausible** | False |
| **GeoConsensus** | False |
| **Accuracy** | Insufficient data points (2 sources, consensus not reached) |
Note: Geolocation data shows low confidence. Distance and RTT validation not applicable.
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 197.232.33.0/24
- Abuse Density: 1 (Elevated relative to subnet baseline)
- Classification: Mostly clean
- Total Siblings: 1 active sibling
- Threat Siblings: 1 (Correlated malicious activity in subnet)
- Inherited Risk: 2
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 0
---
## OBSERVATION HISTORY
Recent Signals (June 2026):
- 2026-06-18 00:05: Subnet abuse density observed at 1; classification "mostly_clean"
- 2026-06-18 00:02: No certificate or banner matches; campaign likelihood "none"
- 2026-06-18 00:00: Operator label "Basic"; route stability confirmed
- 2026-06-02 22:12: Port scan detected (services section not fully resolved)
Temporal Indicators:
- Threat Persistence Days: 0 (No persistent malicious activity)
- Ownership Changes: 0 (Stable ownership)
- Threat Observation Count: 1
---
## RELATIONSHIP ANALYSIS
Identified Relationships: 13 total
- All relationships point to same network: 197.232.33.0 - 197.232.33.255
- No external entity associations (hostnames, organizations, certificates)
---
## SERVICES & DNS RECONNAISSANCE
DNS Resolution:
- PTR Hostnames: None
- Forward Resolution: No confirmed records
- Hosted Domains: 0
- Email Auth: No SPF/DMARC records
Service Scan:
- Open Ports: None detected
- HTTP/TLS: No service banners or certificates
- HTTP2/Security Headers: Not present
---
## SECURITY ACTION RECOMMENDATIONS
No specific firewall or blocking actions required based on current risk profile. However, SOC teams should:
1. Monitor subnet activity: One correlated threat sibling identified in /24
2. Validate geolocation: Current data shows low confidence in London attribution
3. Review port scan history: Scanning activity noted on 2026-06-02
4. Track ownership stability: Stable ASN 36866 registration over 7+ years
---
## INTELLIGENCE CONCLUSION
IP 197.232.33.198 presents a Moderate Risk profile with no active malicious indicators. The subnet shows elevated abuse density relative to baseline, with one correlated threat sibling requiring situational awareness. No immediate blocking or mitigation actions are recommended. Continuous monitoring advised due to subnet-level threat correlation.
Confidence Level: Medium (Limited geolocation validation, subnet-level threat correlation present)
---
*Report generated via IPDebrief intelligence platform. All data sourced from automated security signal collection and analysis.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Michael Odongo |
| ASN | AS36866 |
| Network Name | 197.232.33.0 - 197.232.33.255 |
| CIDR Block | 197.232.33.0/24 |
| RIR | AFRINIC |
| Country | KE |
| Abuse Contact | - |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 30% | 3 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 23% | 11 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:05 UTC |
| Last Seen | 2026-06-23 03:57:08 UTC |
| Profile Built | 2026-06-23 04:04:33 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |