IP Intelligence Briefing: 209.99.188.240
Date: 2026-06-18
---
**1. Core Profile**
- Risk Score: 65 (Moderate Risk)
- Ownership: Registered to SKN Subnet & Telecom Ltd (AS402253) in the U.S., but geolocated to Zurich, Switzerland.
- Geolocation: Resides in Zurich, Switzerland (latitude 37.75, longitude -97.82).
- Network Role: Residential endpoint (not CDN, VPN, or hosting).
- Threat Indicators: No known malicious activity, spam, or attacker campaigns.
---
**2. Observation History**
- Recent Activity:
  - DNSBL Listings: Listed on 2 out of 8 DNSBLs (confidence: 85%).
  - Residential Classification: Confirmed as residential (June 3, 2026).
  - Subnet Abuse Density: 0.5 (moderate risk within the 209.99.188.0/24 subnet).
- Trend: No persistent malicious behavior; risk score has remained stable.
---
**3. Relationships & Network Context**
- Linked Entities:
  - Same network: SSTL-49 (repeated in relationships).
  - Subnet: 209.99.188.0/24 (abuse density: 0.5, classified as "mostly clean").
- Neighbors:
  - 209.99.188.27: Risk score 55 (moderate).
  - Others (121, 140, 148): Risk scores 0 (clean).
- BGP Context: Route stable (AS402253, ARIN-registered).
---
**4. Threat & Actionable Insights**
- DNSBL Listings: While the IP is residential, its presence on 2 DNSBLs warrants investigation into potential spam or abuse.
- Geolocation Discrepancy: Ownership in the U.S. vs. geolocation in Switzerland may indicate misconfiguration or spoofing.
- Neighbor Risk: One neighbor (209.99.188.27) shows moderate risk; monitor for lateral movement or shared infrastructure.
---
**5. Recommendations**
- Monitor DNSBL Status: Verify the IP's listing on DNSBLs and investigate if it's associated with spam or phishing.
- Geolocation Verification: Cross-check ownership and geolocation data with ARIN records.
- Subnet Analysis: Focus on the 209.99.188.0/24 subnet for potential abuse patterns.
- Neighbor Monitoring: Track 209.99.188.27 for suspicious activity.
Conclusion: This IP is residential and appears clean, but its DNSBL listings and geolocation anomalies justify closer scrutiny. No immediate blocking recommended, but ongoing monitoring is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | SKN Subnet & Telecom Ltd |
| ASN | AS402253 |
| Network Name | - |
| CIDR Block | 209.99.184.0/21 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User - Residential ISP endpoint |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 24% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 17% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 22% | 12 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-23 06:47:01 UTC |
| Profile Built | 2026-06-23 06:52:23 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |