87.236.176.143

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 87.236.176.143

## Executive Summary

IP 87.236.176.143 presents a moderate risk profile (Risk Score: 40) associated with Driftnet Hostmaster infrastructure in London, UK. The IP is currently firewalled with no open services detected, but operates within a subnet exhibiting elevated abuse density. Recommended action: implement blocking rules across perimeter defenses.

---

## Profile Overview

Attribute	Value
Risk Score	40 (Moderate Risk)
Organization	Driftnet Hostmaster (ASN 211298)
Location	London, GB
Subnet	87.236.176.0/24
Network Classification	Mixed / Firewalled
RIR	RIPE

---

## Threat Indicators

DNSBL Status: Listed on 2 of 8 threat feeds (max severity: high)
Known Attacker: No
Tor Exit Node: No
Spam Source: No
Hosting/Proxy/VPN: None identified
Campaign Association: None detected

---

## Network Context & Neighborhood Analysis

The IP resides in subnet 87.236.176.0/24 with the following characteristics:

Abuse Density: 35.29% (elevated)
Total Subnet IPs: 187
Active Siblings: 40
Threat Siblings: 66
Inherited Risk Score: 14

Neighborhood sampling of 100 IPs shows risk distribution:

High Risk: 0%
Medium Risk: 86%
Low Risk: 14%

Neighboring IPs (87.236.176.2-6) exhibit risk scores ranging from 40-55, indicating a generally elevated-risk neighborhood.

---

## DNS & Network Role

PTR Record: r3-143-8f.monitoring.internet-measurement.com
Forward Resolution: Confirmed (internet-measurement.com)
Email Security: SPF and DMARC records present
Services: None detected (Firewalled / No Services)
Control Plane: Route stability compromised; 2 DNSBL listings

---

## Observation History

19 observations recorded with signals from June 2026 timeframe. Recent signals indicate:

Operator Score: 0.1304 (Minimal)
Abuse density classification: Mixed
Subnet-level threat observations: 1
Not persistently malicious

---

## Recommended Security Actions

Based on risk assessment, implement the following blocking rules:

iptables

```

iptables -A INPUT -s 87.236.176.143 -j DROP

```

nftables

```

nft add rule inet filter input ip saddr 87.236.176.143 drop

```

nginx

```

deny 87.236.176.143;

```

pfSense

```

87.236.176.143/32

```

Cloudflare WAF

```json

{

"description": "Block 87.236.176.143 — IPDebrief risk score 40",

"action": "block",

"filter": {

"expression": "ip.src eq 87.236.176.143"

}

```

AWS WAF

```json

{

"Addresses": ["87.236.176.143/32"],

"Description": "IPDebrief risk 40"

}

```

---

## Intelligence Assessment

The IP demonstrates moderate-risk characteristics with DNSBL listings and elevated neighborhood abuse density. However, the absence of open services and known campaign associations reduces immediate threat severity. Blocking is recommended at perimeter controls, particularly given the subnet's 35% abuse density and 66 threat-sibling count. Monitor for service activation or reputation degradation.

---

*Report generated by IPDebrief Intelligence Platform. All data based on observed signals and third-party threat intelligence feeds.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	—
City	London
Timezone	Europe/London
Latitude	51.50
Longitude	-0.12

🏢 Ownership & Registration

Organization	Driftnet Hostmaster
ASN	AS211298
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	r3-143-8f.monitoring.internet-measurement.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`r3-143-8f.monitoring.internet-measurement.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	13%	1	1
services	8%	1	1
ownership	20%	2	3
reputation	19%	1	3
geolocation	19%	2	2
Overall	17%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:40 UTC
Last Seen	2026-06-24 00:01:33 UTC
Profile Built	2026-06-24 00:08:59 UTC
Data Freshness	Live
Signal Types	20
Total Observations	20

🔍 20 signal types · 20 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

87.236.176.143📋 Copy