# INTELLIGENCE BRIEFING: IP 87.71.5.165/32
Classification: High Risk
Date: 2026-06-24
Analyst: IPDebrief Intelligence Team
---
## EXECUTIVE SUMMARY
IP 87.71.5.165 is a high-risk single-service host located in Tel Aviv, Israel, operating within ASN 12400. The IP presents an SSH service on port 22 and has been listed on 6 of 8 DNSBLs. While the immediate /24 neighborhood shows low abuse density, the IP itself carries a risk score of 80.
---
## GEOLOCATION & OWNERSHIP
- Country: Israel (IL)
- City: Tel Aviv
- Coordinates: 31.05°N, 34.85°E
- ASN: 12400 (AS9116-MNT)
- RIR: RIPE
- Registration Status: Ownership details available via RDAP
---
## NETWORK CLASSIFICATION
- Role: Single-Service Host
- Provider Score: 0
- Authority Score: 0
- Infrastructure Type: None identified
- Cloud/CDN/VPN: Negative across all categories
- Stability: Route stability flagged as false; route changes observed
---
## THREAT INDICATORS
- Risk Score: 80 (High Risk)
- DNSBL Listings: 6 of 8 total lists
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Campaign Likelihood: None
- Threat Observation Count: 1
---
## SERVICE FINGERPRINT
- Open Ports: TCP/22 (SSH)
- Banner: SSH-1.99-OpenSSH_5.1
- TLS Certificate: None
- HTTP Services: None detected
- Forward Resolution: Not confirmed
---
## OBSERVATION HISTORY (17 Signals)
Recent observations span June 2026:
| Date | Signal Type | Key Finding |
|---|---|---|
| 2026-06-24 | Geolocation | IL, Tel Aviv (52% confidence) |
| 2026-06-03 | Network Role | Single-service classification |
| 2026-06-03 | Neighborhood | Abuse density: 1, classification: mostly_clean |
| 2026-06-03 | Campaign | No banner/cert matches |
---
## NEIGHBORHOOD ANALYSIS (/24: 87.71.5.0/24)
- Abuse Density: 0 (low)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Risk Distribution: Low (1), Medium (0), High (0)
Neighbor: 87.71.5.18
- Risk Score: 0
- Authority Score: 50
---
## RELATIONSHIP GRAPH
Seventeen relationships identified, all classified as "Same Network" with target value "DHCP-99-OD." No organizational, certificate, or hostname relationships detected beyond network-level associations.
---
## ASSESSMENT & RECOMMENDATIONS
Threat Profile: This IP represents a high-risk single-service host with persistent SSH exposure. The combination of DNSBL listings (6/8), route instability, and high risk score warrants monitoring. The neighborhood appears relatively clean with one active sibling.
Recommended Actions:
1. Block inbound SSH traffic from this IP at perimeter firewall
2. Monitor for lateral movement attempts within the /24 subnet
3. Verify DNSBL listings via RDAP abuse contact
4. Add to threat intelligence watchlist for repeat observation
Priority: MEDIUM-HIGH
Action Required: Firewall rule deployment recommended for inbound SSH traffic blocking.
---
*Generated by IPDebrief Intelligence Platform*
*All data sourced from live network observation and threat intelligence feeds*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | AS9116-MNT |
| ASN | AS12400 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown: Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-1.99-OpenSSH_5.1 |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:40 UTC |
| Last Seen | 2026-06-24 07:30:21 UTC |
| Profile Built | 2026-06-24 00:16:42 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 18 |