# IP Intelligence Briefing: 87.236.176.125/32
## Executive Summary
IP address 87.236.176.125 is classified as Moderate Risk (Score: 55). The address is hosted by Driftnet Hostmaster (AS211298) within the UK-DRIFTNET-20050831 network block in London, GB. The subnet exhibits mixed abuse characteristics with 34.9% abuse density across 192 total siblings. No active threat indicators were detected during the current profile assessment.
## Current Risk Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 55 (Moderate) |
| **ASN** | 211298 (Driftnet Ltd, GB) |
| **Organization** | Driftnet Hostmaster |
| **Country** | GB (London) |
| **RIR** | RIPE |
| **Registration Date** | 2005-08-31 |
| **CIDR Block** | 87.236.176.0/24 |
## Network Role & Services
- Infrastructure Type: No services detected; connection type classified as "Firewalled / No Services"
- Open Ports: None detected
- TLS/Certificates: None
- CDN/Cloud/Proxy: No
- Tor Exit Node: No
## DNS Analysis
- PTR Hostnames: r3-125-7d.monitoring.internet-measurement.com
- Forward Resolution: Confirmed (1 hostname)
- Domain: internet-measurement.com
- Email Auth: SPF and DMARC records present
- DNSBL Listings: 3 listings out of 8 total checks
## Neighborhood Assessment (87.236.176.0/24)
- Total Siblings: 192
- Active Siblings: 47
- Threat Siblings: 67
- Abuse Density: 34.9%
- Inherited Risk: 13
- Subnet Classification: Mixed
- Risk Distribution Across Neighbors: 0 High, 86 Medium, 14 Low
Key neighboring IPs include 87.236.176.2 (Risk: 40), 87.236.176.3 (Risk: 55), and 87.236.176.4 (Risk: 55).
## Threat Indicators
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None
- Is Known Attacker: No
- Is Spam Source: No
- Threat Feeds: Empty
## Historical Trend Analysis
Seven observations were tracked over the monitoring period. Notable changes include:
| Observation Date | Classification | Abuse Density | Inherited Risk |
|---|---|---|---|
| 2026-06-25 | Mostly Clean | 8.11% | 3 |
| 2026-06-05 | Mixed | 34.9% | 13 |
The subnet classification shifted from "Mixed" (June 5) to "Mostly Clean" (June 25), indicating improved subnet hygiene or temporary mitigation. Geolocation is consistent: the IP is registered in GB (London) under ASN 211298.
## Network Relationships
- Total Relationships: 31
- Primary Network Association: UK-DRIFTNET-20050831 (repeated across multiple relationship entries)
- BGP Prefix: 87.236.176.0/24
## Recommended Actions
Based on the risk profile and current threat indicators, the following actions are recommended:
1. Monitoring: Maintain observation; no immediate blocking required.
2. Blocklist Evaluation: Currently 0 blacklist hits; continue monitoring.
3. Subnet Context: Evaluate traffic patterns against the broader 87.236.176.0/24 subnet (34.9% abuse density) to determine if broader subnet restrictions are warranted.
## SOC Analyst Notes
- No active threat indicators detected against this specific IP.
- Moderate risk score primarily driven by subnet-level abuse density rather than IP-specific malicious activity.
- Historical trend shows improving subnet classification from June 5 to June 25.
- Consider implementing subnet-level monitoring policies if broader abuse patterns are observed across the 87.236.176.0/24 block.
---
*Report generated: Current session | Data Source: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Driftnet Hostmaster |
| ASN | AS211298 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | r3-125-7d.monitoring.internet-measurement.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | r3-125-7d.monitoring.internet-measurement.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 38% | 2 | 4 |
| Overall | 23% | 9 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-10 04:12:24 UTC |
| Last Seen | 2026-06-25 23:40:17 UTC |
| Profile Built | 2026-06-25 23:46:06 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |