# IP Intelligence Briefing: 213.209.159.154
## Executive Summary
IP address 213.209.159.154 is a German-based address belonging to FeoPrestSRL (ASN 208137) located in Amsterdam. While the individual IP carries a moderate risk score of 50, it operates within a high-abuse subnet (213.209.159.0/24) with an abuse density of 0.6071, indicating elevated threat activity in the immediate network neighborhood. The address is currently firewalled with no active services, but historical blacklist activity suggests ongoing abuse concerns.
## Network Ownership and Infrastructure
- Organization: FeoPrest-MNT (FeoPrestSRL)
- ASN: 208137
- CIDR Block: 213.209.159.0/24
- Geolocation: Amsterdam, Germany (DE)
- RIR: RIPE
The network infrastructure shows no active services, with no open ports detected. DNS resolution is unconfirmed, and no reverse DNS entries exist. The address is not classified as a Tor exit node, proxy, CDN, VPN, or hosting provider.
## Threat Indicators and Risk Profile
- Risk Score: 50 (Moderate Risk)
- DNSBL Status: Listed on 2 of 8 total blacklists
- Campaign Association: None identified
- Known Attacker Status: Not flagged
- Spam Source Status: Not flagged
The IP shows no active threat indicators, campaign correlations, or known attacker classifications. However, the subnet-level abuse context elevates the operational risk profile.
## Neighborhood Analysis (213.209.159.0/24)
- Total Subnet IPs: 28
- Active IPs: 23
- Threat-Classified IPs: 17
- Abuse Density: 0.6071 (HIGH)
- Classification: high_abuse
The subnet exhibits significant abuse activity, with approximately 60% of active addresses flagged as threats. Notable high-risk neighbors include:
- 213.209.159.12 (Risk: 80)
- 213.209.159.56 (Risk: 80)
- 213.209.159.175 (Risk: 80)
- 213.209.159.223 (Risk: 80)
## Historical Activity
- Total Observations: 15 signals across multiple timeframes
- Recent Activity: 2026-06-26 (multiple signals)
- Prior Activity: 2026-06-07
Historical data indicates the IP has been listed on multiple blacklists with high-severity ratings in recent observations. Ownership has remained stable with zero changes recorded. The IP is not classified as persistently malicious, but the subnet's persistent abuse patterns suggest coordinated or infrastructure-based threat activity.
## Recommended Security Actions
Network-Level Mitigation:
- Block inbound traffic from subnet 213.209.159.0/24 at perimeter firewalls due to high abuse density
- Implement rate limiting for any permitted traffic from this subnet range
- Monitor for connection attempts from neighboring high-risk IPs (213.209.159.12, 213.209.159.56, 213.209.159.175, 213.209.159.223)
Firewall Rules:
- DROP all traffic from 213.209.159.0/24
- Log all connection attempts for forensic analysis
- Consider geographic filtering for Amsterdam-based traffic if the business requires it
Threat Intelligence Integration:
- Add 213.209.159.154 and related high-risk neighbors to SIEM correlation rules
- Monitor for new blacklist additions on this subnet
- Alert on any new services appearing on previously firewalled addresses
## Conclusion
While 213.209.159.154 itself shows no active malicious indicators, the subnet context necessitates defensive blocking. The high abuse density (0.6071) and 17 threat-classified neighbors indicate this is an abused network range likely used for distributed malicious activity. Recommended action is to block the entire /24 subnet at the perimeter firewall and monitor for any service changes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | FeoPrest-MNT |
| ASN | AS208137 |
| Network Name | FeoPrestSRL |
| CIDR Block | 213.209.159.0/24 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | Apache/2.4.62 (CentOS Stream) |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 9 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-12 03:43:39 UTC |
| Last Seen | 2026-06-26 15:08:24 UTC |
| Profile Built | 2026-06-26 15:57:57 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 17 |