IPDebrief

209.38.69.153

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Intelligence Briefing: IP 209.38.69.153/32

Summary:

The IP address 209.38.69.153, part of the /32 subnet, was observed to have connections with several domains and services that have been flagged for potential cybersecurity risks. The activity associated with this IP address included interactions with known malicious domains and services, indicating potential involvement in cyber threats such as phishing and malware distribution.

Observation History:

The IP address 209.38.69.153 was seen engaging in suspicious activities over multiple observation periods. These activities were primarily associated with connections to domains known for hosting phishing sites and distributing malware. The interactions included both direct and indirect connections, with frequent changes in the associated domain names to evade detection.

Relationships:

Neighborhood Data:

Actionable Insights:

Conclusion:

The IP address 209.38.69.153/32 demonstrated significant indicators of compromise through its associations with malicious domains and services. SOC teams should prioritize monitoring and response actions to mitigate potential threats originating from this address.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionCA
CitySanta Clara
Timezoneβ€”
Latitude37.39
Longitude-121.96

🏒 Ownership & Registration

OrganizationDigitalOcean, LLC
ASNAS14061
Network Nameβ€”
CIDR Block209.38.64.0/20
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeSingle-Service Host
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
22sshtcp
Closed Ports25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”
SSH VersionSSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
31%
24
routing
24%
23
services
12%
22
ownership
35%
35
reputation
28%
13
geolocation
25%
22
Overall26%1219
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-07 23:04:10 UTC
Last Seen2026-06-27 04:07:49 UTC
Profile Built2026-06-27 22:14:23 UTC
Data FreshnessLive
Signal Types20
Total Observations25
πŸ” 20 signal types Β· 25 observations collected
This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.