82.196.25.136

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing for IP 82.196.25.136/32

Summary:

The IP address 82.196.25.136/32 was observed engaging in various network activities. Analysis of available data reveals its associated domains, service usage, and neighborhood characteristics. This briefing provides a factual overview of the IP's behavior, potential relationships, and environment to assist in threat assessment and incident response.

Domain Associations:

The IP address was linked to several domains, primarily associated with web hosting services. These domains were involved in delivering content across various categories, including e-commerce and informational websites.
Some domains exhibited characteristics typical of content delivery networks (CDNs), suggesting legitimate usage patterns alongside potential exploitation for distributing malicious payloads.

Service Usage:

The IP address was identified as part of a web server infrastructure. It supported HTTP and HTTPS traffic, indicating its role in serving web content.
Analysis of network traffic patterns suggested periodic spikes in data transfer, which could correlate with content distribution activities or potential data exfiltration attempts.

Observation History:

Over the observation period, the IP address maintained consistent activity levels with occasional fluctuations. These fluctuations were primarily associated with changes in the hosted domains.
No direct associations with known malicious infrastructure or command-and-control (C2) activities were observed during the analysis period.

Neighborhood Data:

The IP address is part of a larger network block managed by a well-known hosting provider. This block includes a mix of legitimate businesses and individual users.
Several neighboring IP addresses within the same block have been previously associated with benign activities, although a few have been flagged for suspicious behavior in unrelated incidents.

Relationships:

The IP address was found to have established connections with other IPs within the same hosting provider's network, likely for load balancing and redundancy.
No direct connections to known malicious IPs or botnets were detected.

Actionable Insights:

Monitor traffic patterns from and to 82.196.25.136/32 for anomalies, especially during observed spikes, to identify potential malicious activities.
Investigate any domains hosted on this IP that exhibit unusual behavior or are linked to suspicious downloads.
Maintain awareness of the IP's hosting environment, as changes in the neighborhood could indicate shifts in threat posture.

Conclusion:

While 82.196.25.136/32 is primarily associated with legitimate hosting activities, its behavior warrants monitoring due to occasional traffic spikes and its hosting of multiple domains. SOC teams should remain vigilant for any indicators of compromise that may arise from this IP's activities.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	Rhône-Alpes
City	Lyon
Timezone	Europe/Paris
Latitude	45.75
Longitude	4.85

🏢 Ownership & Registration

Organization	ADMIN TECHNIQUE
ASN	AS30781
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	cloud319.datagix.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`cloud319.datagix.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10
8443	https-alt	tcp	—
Closed Ports	25, 3389, 8080 (4 open / 7 scanned)

Server	nginx
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10

🔐 TLS Certificate

🔒

CN=cloud319.datagix.net

Issued by CN=R12, O=Let's Encrypt, C=US

Self-signed: No

SANs	cloud319.datagix.net
Valid From	2026-05-14T10:33:15+00:00
Valid Until	2026-08-12T10:33:14+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	05E20126792D97B782F116053E1721DC998C
Thumbprint	6D15DDAF8FFCEF00D4B608350E17E794BB16E693

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	28%	2	4
routing	13%	1	1
services	22%	2	4
ownership	20%	2	3
reputation	19%	1	3
geolocation	27%	2	3
Overall	22%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: FR, CH
⚠ TLS certificate claims CH but primary geo says FR

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 23:18:48 UTC
Last Seen	2026-06-25 12:33:47 UTC
Profile Built	2026-06-25 12:39:22 UTC
Data Freshness	Live
Signal Types	24
Total Observations	25

🔍 24 signal types · 25 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

82.196.25.136📋 Copy