217.97.204.62📋 Copy

# IP Intelligence Briefing: 217.97.204.62

## Executive Summary

IP 217.97.204.62 is a mobile-originated endpoint operating from Poland with a moderate risk score (40/100). The address is registered to individual Krzysztof Baran under ASN 5617 (TPNET - Orange Polska) and functions as a multi-service host. Recent evidence indicates the IP has been listed on 2 DNSBL feeds with maximum severity ratings.

## Technical Profile

Ownership & Registration:

• ASN: 5617 (TPNET - Orange Polska Spolka Akcyjna, PL)
• Organization: Krzysztof Baran
• RIR: RIPE (Poland)
• Connection Type: Mobile (Orange Polska S.A., LTE/5G technology)

Geolocation:

• Country: Poland (PL)
• Region: Lubusz
• City: Jasień
• Coordinates: 51.92°N, 19.15°E
• Accuracy Radius: 400km

Network Role:

• Service Purpose: Multi-Service Host
• Is Mobile: Yes
• Is Residential/Proxy/VPN/Cloud: No

## Service & Port Exposure

Active Services:

• Port 80/TCP: HTTP (lighttpd/1.4.39 web server)
• Port 22/TCP: SSH (dropbear)
• HTTP Status: 302 (redirect)

Server Fingerprint:

• Web Server: lighttpd/1.4.39
• HTTP Version: 1.1
• Response Time: 292ms average

## Threat Indicators

Blacklist Status:

• DNSBL Listed: 2 of 8 total lists
• Maximum Severity: High
• Operator Score: 0.1304 (Minimal)

Threat Classification:

• Reputation: Moderate Risk
• Abuse Confidence Score: Not applicable
• Known Attacker: No
• Tor Exit Node: No
• Spam Source: No

## Historical Analysis

Observation Timeline: 21 signals observed

• Most recent activity: 2026-06-23
• Threat Persistence: 0 days (not persistently malicious)
• Ownership Changes: 0

Key Historical Signals:

• ASN routing data confirmed from 2026-06-18 via team-cymru-dns
• HTTP server fingerprinting consistent with lighttpd/1.4.39
• DNSBL listings detected with high severity classification
• Control plane stability: Route changes detected within 30-day window

## Relationship & Neighborhood Analysis

Relationship Graph: 27 relationships identified

• Primary association: M-CONNECT network (multiple entries)
• Network classification: Mostly clean with minimal inherited risk

Subnet Analysis (217.97.204.62/24):

• Abuse Density: 0 (mostly clean)
• Risk Distribution: No high/medium risk neighbors
• Active Siblings: 1
• Threat Siblings: 1
• Inherited Risk Score: 2

## Recommended Actions

Immediate:

• Monitor for DNSBL listing changes; current high-severity listings suggest potential spam/malicious activity
• SSH service on port 22 presents exposure risk; evaluate necessity of remote access from mobile network
• HTTP redirect (302) may indicate redirect chain or compromised web server configuration

Firewall/Security Rules:

• Consider rate-limiting HTTP requests due to multi-service hosting pattern
• Monitor SSH connections for brute force attempts (dropbear server detected)
• Evaluate connection legitimacy given mobile network origin

Long-term:

• Track relationship with M-CONNECT network for correlated threat intelligence
• Monitor for additional DNSBL listings as they may indicate escalating reputation issues
• Assess if multi-service hosting on mobile infrastructure meets organizational security policies

## Risk Assessment

This IP presents moderate risk primarily due to DNSBL listings and multi-service hosting on mobile infrastructure. The subnet context suggests limited abuse activity at scale, but the single threat sibling warrants monitoring. The mobile network origin and individual registration pattern may indicate legitimate personal use or potentially compromised residential infrastructure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.