217.216.86.141
Intelligence Briefing: IP Address 217.216.86.141/32
Overview:
The IP address 217.216.86.141/32 was observed over a specified period, and multiple data points were collected to assess its network behavior and potential threat implications. The following summary encapsulates the key findings from available tools, focusing on observed activity, historical context, relationships with other entities, and neighborhood characteristics.
Historical Observations and Activity:
- Registration and Ownership: The IP address is registered under a specific organization, consistent with its geographic and organizational domain. No significant changes in registration details were noted during the observation period.
- Historical Usage: Over the observation period, this IP address exhibited regular activity patterns typical of its assigned service. The nature of services hosted on this IP remains consistent with its registered purpose.
- Traffic Patterns: Analysis of traffic patterns revealed standard operational data flow, with no significant deviations that would indicate unusual activity. Data traffic was predominantly inbound and outbound, aligned with expected use cases for the service type.
Relationships and Interactions:
- Network Interactions: The IP address engaged in routine communications with known and legitimate third-party services. No interactions with suspicious or blacklisted entities were detected.
- Association with Other IPs: The address maintained regular connections with IPs within its assigned network range, supporting its service-related activities. No evidence of lateral movement or connections with known malicious IPs was observed.
Neighborhood Characteristics:
- IP Range Analysis: The broader IP range, 217.216.0.0/16, was examined, revealing a network environment predominantly composed of benign and commercially oriented entities. The specific subnet hosting 217.216.86.141 is associated with similar services and organizations.
- Reputation and Anomalies: The neighborhood of IP 217.216.86.141/32 is characterized by a stable reputation, with no notable incidents of security breaches or malicious activities in the surrounding IP space during the observation period.
Threat Assessment:
Based on the collected data, IP address 217.216.86.141/32 does not exhibit any immediate threat characteristics. Its activities align with its registered purpose, and interactions remain within expected parameters. No indicators of compromise or malicious behavior were identified.
Actionable Recommendations:
- Continued Monitoring: While no immediate threat is present, it is advisable to continue monitoring the IP address for any deviations from established patterns or unexpected interactions.
- Verification of Service Integrity: Periodically verify the integrity and security posture of services hosted on this IP to ensure ongoing compliance with security standards.
- Network Segmentation: Ensure that network segmentation policies are in place to isolate and protect critical assets from potential future risks.
This intelligence briefing provides a comprehensive overview of the IP address 217.216.86.141/32, offering insights into its network behavior and threat landscape based on observed data. SOC analysts are encouraged to use this information to inform their defensive strategies and monitoring efforts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS40021 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3085733.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3085733.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | *.lingoql.comlingoql.com |
| Valid From | 2026-05-02T13:54:39+00:00 |
| Valid Until | 2026-07-31T13:54:38+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 0591D69EAB16F35077A77CB6BF8A219DA52C |
| Thumbprint | A3D577D4FA20FC7A1930501EB0585F63413F74B5 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:12 UTC |
| Last Seen | 2026-06-27 04:11:37 UTC |
| Profile Built | 2026-06-27 22:17:51 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 32 |
Full dossier details are available via our API.