# IP Intelligence Briefing: 199.195.251.168
Classification: Hosting Infrastructure | Risk Level: Low | Date: June 2026
## Executive Summary
IP 199.195.251.168 operates within a Yahoo-owned hosting environment on the Frantech/BuyVM network. The address presents low risk (score: 25/100) with no active threat indicators. The IP serves Yahoo Holdings Inc. web infrastructure, with one neighboring IP (199.195.251.119) showing elevated risk (49/100).
## Network Profile
| Attribute | Value |
|---|---|
| **ASN** | 53667 (Frantech Solutions) |
| **Organization** | FranTech Solutions / Frantech/BuyVM |
| **Location** | New York, NY, US |
| **Network Role** | Web Server / Colocation Hosting |
| **DNSBL Status** | Listed on 1 of 8 threat feeds |
## Infrastructure Analysis
Open Services:
- Port 443/TCP (HTTPS): Primary web service with ATS server fingerprint
- Port 22/TCP (SSH): SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.11
TLS Certificate:
- Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
- Subject: CN=yahoo.com (Yahoo Holdings Inc.)
- Valid SANs: yahoo.com, tw.rd.yahoo.com, s.yimg.com, mbp.yimg.com, hk.rd.yahoo.com
DNS Configuration:
- DMARC: Present (p=reject, pct=100)
- SPF: Not configured
- TXT Records: 13 records observed
- DNSSEC: Validated
## Threat Indicators
Current Status: No active threat indicators
- Known attacker: False
- Tor exit node: False
- Known spam source: False
- Campaign matches: 0
- Blacklist count: 0
Control Plane:
- Route stability: Unstable
- RPKI state: Not evaluated
- Route changes (30d): 0
- Operator score: 0.1304 (Minimal)
- DNSBL listed: 1
## Observation History
Analysis of 24 signals reveals consistent infrastructure behavior:
- 2026-06-28: Confirmed hosting provider assignment (Frantech/BuyVM), no CDN/TOR/VPN characteristics
- 2026-06-23: HTTP/2 enabled, 404 response (ATS server), no HTTP Strict Transport Security
- 2026-06-20: DMARC reject policy active, DNSSEC operator score minimal
Temporal analysis indicates no persistent malicious activity (threat persistence: 0 days).
## Neighborhood Analysis (199.195.251.0/24)
| Metric | Value |
|---|---|
| Subnet Classification | Mostly Clean |
| Abuse Density | 0 |
| Active Siblings | 2 of 2 |
| Inherited Risk | 5 |
Elevated Risk Neighbor:
- 199.195.251.119: Risk Score 49/100, Authority Score 50/100
## Recommended Actions
Firewall/Access Control:
- Permitted traffic patterns consistent with legitimate Yahoo hosting operations
- No immediate blocking required based on current risk profile
Monitoring Recommendations:
- Monitor for changes in TLS certificate subjects or SANs
- Track 199.195.251.119 for potential correlated activity
- Maintain awareness of DMARC policy enforcement
## Conclusion
The IP represents legitimate Yahoo-owned web infrastructure hosted on Frantech/BuyVM. Risk score of 25 reflects standard hosting provider classification with no active malicious indicators. The single DNSBL listing and geolocation validation anomaly (19ms RTT vs. 119.7ms minimum for 5,987km distance) warrant routine monitoring but do not indicate compromise. Focus attention on neighboring IP 199.195.251.119, which demonstrates elevated risk characteristics.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | FranTech Solutions |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | 1/3 domains |
| DMARC | 3/3 domains |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 3 domains |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | ATS |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.11 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | yahoo.com, tw.rd.yahoo.com, s.yimg.com, mbp.yimg.com, hk.rd.yahoo.com, fr-ca.rogers.yahoo.com, ddl.fp.yahoo.com, ca.rogers.yahoo.com, ca.my.yahoo.com, brb.yahoo.net |
| Valid From | 2026-03-03T00:00:00+00:00 |
| Valid Until | 2026-08-26T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 176 days |
| Serial Number | 0A71E31DB862583C0EBE662E96B67486 |
| Thumbprint | E65DE673FF42DC7109457A31E61B065BED149B7E |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-16 21:00:17 UTC |
| Last Seen | 2026-06-28 03:55:36 UTC |
| Profile Built | 2026-06-28 22:00:43 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |