209.141.32.143

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target IP: 209.141.32.143/32

Classification: Moderate Risk Infrastructure Node

Date: Current Analysis Cycle

---

## EXECUTIVE SUMMARY

IP 209.141.32.143 is classified as a Moderate Risk hosting infrastructure address with a risk score of 40. The IP resides within a colocation hosting environment operated by FranTech Solutions (ASN 53667, PONYNET-04 network). No active threat indicators, known campaigns, or malicious activity were identified. The address resolves to hostname "LittleTwain" and hosts standard web and SSH services.

---

## OWNERSHIP & INFRASTRUCTURE

Attribute	Value
Organization	FranTech Solutions
Netname	PONYNET-04
ASN	53667
CIDR Block	209.141.32.0/19
RIR	ARIN
Infrastructure Type	Colocation Hosting
Service Purpose	Multi-Service Host
Network Role	Hosting Provider

---

## GEOLOCATION DATA

Attribute	Value
Country	United States (US)
Region	Nevada (NV)
City	Las Vegas
Geo Confidence	35%
Geo Validation	RTT distance anomaly detected

*Note: Geo validation flagged an RTT discrepancy of 86,731 km, indicating potential geolocation data inconsistency.*

---

## NETWORK SERVICES & FINGERPRINTING

Service	Port	Protocol	Banner/Status
HTTP	80	TCP	Apache/2.4.41 (Ubuntu)
SSH	22	TCP	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13

Fingerprint Details:

Server Software: Apache 2.4.41
HTTP Version: 1.1
Status Code: 200
Response Time: 183ms
No HSTS, CSP, or HTTP/2 headers present

---

## THREAT INDICATORS

Indicator Type	Status
Known Attacker	No
Spam Source	No
Tor Exit Node	No
Blacklist Count	0
Known Campaigns	None
DNSBL Listed	2 of 8 lists
Abuse Confidence Score	Not Available

---

## DNS ANALYSIS

Attribute	Value
PTR Hostname	LittleTwain
Forward Resolution	Confirmed (1 entry)
Email Auth	SPF: Not configured, DMARC: Not configured
TXT Records	0

---

## NEIGHBORHOOD ANALYSIS

Subnet: 209.141.32.143/24

Abuse Density: 0.5 (Moderate)

Total Siblings: 2

Active Siblings: 2

Threat Siblings: 1

Neighbor IP	Risk Score	Authority Score	Classification
209.141.32.198	49	60	Medium Risk

*Note: Neighbor 209.141.32.198 exhibits elevated risk (Score: 49) and should be monitored for correlated activity.*

---

## OBSERVATION HISTORY

Total Observations: 20

Recent Activity: June 2026

Date	Signal Type	Confidence	Key Findings
2026-06-23	HTTP Fingerprint	80%	Apache 2.4.41, HTTP/1.1
2026-06-21	Campaign Analysis	30%	No campaigns detected
2026-06-21	Geolocation	35%	US, 2,500km accuracy
2026-06-21	Subnet Analysis	40%	Abuse density 0.5, mostly_clean
2026-06-21	Operator Score	60%	Minimal (0.1304)

Temporal Indicators:

Ownership Changes: 0
Threat Persistence Days: 0
Persistently Malicious: No
Is Routable Stable: No

---

## RELATIONSHIP GRAPH

Total Relationships: 33

Relationship Type	Count	Target
Same Network	18+	PONYNET-04
DNS Association	15+	LittleTwain

---

## RECOMMENDED ACTIONS

Based on risk profile analysis:

1. MONITOR Neighbor IP: 209.141.32.198 (Risk Score: 49) shows elevated risk within the same /24 subnet. Correlate traffic patterns.

2. DNSBL Verification: IP appears on 2 of 8 DNSBL lists. Verify current listing status.

3. Baseline Traffic: Establish normal traffic patterns for this hosting IP given the colocation environment.

4. SSH Access Policy: Port 22 is open. Evaluate if inbound SSH access to this IP is expected for legitimate operations.

---

## CONCLUSION

IP 209.141.32.143 represents a legitimate hosting infrastructure node with moderate risk classification. No active malicious indicators were identified. The elevated abuse density (0.5) in the /24 subnet and the presence of a higher-risk neighbor (209.141.32.198) warrant ongoing monitoring. The infrastructure serves standard web and SSH services without evidence of exploitation or command-and-control activity.

Recommendation: Continue monitoring with standard procedures. No immediate blocking required unless correlation with known threat actors occurs.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	NV
City	Las Vegas
Timezone	—
Latitude	36.10
Longitude	-115.14

🏢 Ownership & Registration

Organization	FranTech Solutions
ASN	AS53667
Network Name	PONYNET-04
CIDR Block	209.141.32.0/19
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	LittleTwain
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`LittleTwain`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Multi-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

Hosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13
Closed Ports	25, 443, 3389, 8080, 8443 (2 open / 7 scanned)

Server	Apache/2.4.41 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	3
routing	13%	1	1
services	35%	2	4
ownership	27%	2	3
reputation	13%	1	2
geolocation	27%	2	3
Overall	24%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-06-03 00:13:10 UTC
Last Seen	2026-06-29 11:39:19 UTC
Profile Built	2026-06-29 11:44:37 UTC
Data Freshness	Live
Signal Types	22
Total Observations	23

🔍 22 signal types · 23 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

209.141.32.143📋 Copy