37.32.8.228
IP Intelligence Briefing: 37.32.8.228
Date: 2026-06-11
---
**1. Risk Profile**
- Risk Score: Moderate (50/100)
- Threat Indicators:
- Listed in 8 DNSBL feeds (2 high-severity, 6 medium).
- Detected in Alienvault-OTX with 5 threat pulses (unknown campaigns).
- Geolocation Discrepancy:
- Registered to Iran (IR) but geolocated to Germany (DE) via MaxMind.
- Latitude/Longitude: 35.698, 51.4115 (Iran).
- Network Ownership:
- ASN AS202468 (AbrArvan), RIPE registry.
- Subnet: 37.32.0.0/19 (shared with 8192 IPs).
---
**2. Observational History**
- Active Signals (13 total):
- Threat Feeds: 8 listings (high/medium severity).
- Geolocation: Confirmed Iran (35.698, 51.4115) via MaxMind.
- DNSBL: 2 DNS-based blackhole listings.
- Operator Score: Minimal risk (0.13).
- Trend: No historical persistence; first observed June 4, 2026.
---
**3. Network Relationships**
- Shared Network:
- Part of IR-ABRARVAN-20120102 (ASN 202468).
- No direct sibling IPs in the 37.32.8.0/22 subnet (neighbors tool returned 0).
- Subnet Abuse Density: 0% (no risky neighbors detected).
---
**4. Technical Context**
- Services: No open ports, TLS, or HTTP services detected.
- DNS: No PTR records, SPF/DKIM records, or domain associations.
- BGP:
- Route stability: Unstable (route changes in last 30 days).
- RPKI invalid state; no IRR consistency.
- Traceroute: 21 hops, 9 timeouts; routed through Comcast.
---
**5. Actionable Insights**
- SOC Recommendations:
- Monitor for DNSBL-related attacks (e.g., phishing, malware distribution).
- Investigate geolocation inconsistencies (Iran vs. Germany).
- Block IP in firewalls/WAFs due to high threat feed exposure.
- Validate network ownership via RIPE RDAP for potential abuse.
- Next Steps:
- Cross-reference with ThreatFeeds for campaign correlations.
- Check AbrArvan ASN for broader network risks.
Conclusion: The IP exhibits moderate risk due to DNSBL listings and geolocation anomalies, despite no direct malicious activity. Prioritize monitoring and network segmentation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | AbrArvan |
| ASN | AS202468 |
| Network Name | IR-ABRARVAN-20120102 |
| CIDR Block | 37.32.0.0/19 |
| RIR | RIPE |
| Country | IR |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 17% | 1 | 1 |
| Overall | 14% | 6 | 7 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-26 18:57:48 UTC |
| Last Seen | 2026-06-11 06:26:02 UTC |
| Profile Built | 2026-06-11 06:35:41 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |
Full dossier details are available via our API.