210.79.190.22
Threat Intelligence Briefing: IP 210.79.190.22/32
Summary
The IP address 210.79.190.22 is classified as low risk with a risk score of 25. It is associated with the ASN 136052 (IRT-KEBUNA-ID) and geolocated to Indonesia (ID). No malicious indicators, threat campaigns, or blacklist entries were detected. The IP hosts a multi-service network with open ports for HTTP (80) and SSH (22), managed by nginx/1.24.0.
Key Findings
1. Network & Ownership
- Owned by IRT-KEBUNA-ID (APNIC registry).
- Subnet 210.79.190.0/24 has an abuse density of 0.5, with 1 threat sibling and 2 total siblings.
- Neighbors include 210.79.190.31 (low risk) and 210.79.190.151 (medium risk).
2. Threat Observations
- No active threats, malware, or exploitation indicators detected.
- Historical scans (June 3, 2026) showed no malicious activity.
- SSH banner: SSH-2.0-OpenSSH_9.6p1; HTTP server: nginx/1.24.0.
3. DNS & Hosting
- DNS PTR record: ip210-79-190-22.cloudhost.web.id.
- No email authentication (SPF/DKIM) or TLS certificates detected.
4. Subnet & Neighbors
- Subnet 210.79.190.22/24 is classified as mostly clean.
- One neighbor (210.79.190.151) has a medium risk score, warranting further investigation.
Recommendations
- Monitor the 210.79.190.151 neighbor for potential abuse.
- Ensure DNS records and hostnames (e.g., cloudhost.web.id) are validated for legitimacy.
- Maintain baseline network traffic patterns to detect anomalies in the subnet.
Conclusion
The IP address appears legitimate with no immediate threats. Focus on the subnetโs medium-risk neighbor and ensure DNS associations are verified. No immediate action required, but ongoing monitoring is advised.
*Generated using IPDebrief threat intelligence tools.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-KEBUNA-ID |
| ASN | AS136052 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | ip210-79-190-22.cloudhost.web.id |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | ip210-79-190-22.cloudhost.web.id |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-24 21:55:06 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 23 |
Full dossier details are available via our API.