88.151.33.232

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 88.151.33.232/32

Executive Summary

IP address 88.151.33.232 presents a moderate risk profile (risk score: 40) associated with ASN 41608 (es-nextgenwebs-1-mnt) in Dronten, Netherlands. The subnet 88.151.33.0/24 exhibits high abuse classification with a density score of 0.625, indicating elevated threat activity within the /24 block.

---

Technical Profile

Ownership & Routing:

ASN: 41608 (es-nextgenwebs-1-mnt)
BGP Prefix: 88.151.32.0/22
RIR: RIPE
Operator Score: 0.1304 (Minimal)
DNSSEC Valid: true
Route Stability: false (route changes observed in 30-day period)

Geolocation:

Country: Netherlands (NL)
Region: Flevoland
City: Dronten
Coordinates: 52.13°N, 5.29°E
Accuracy Radius: 225 km

Network Classification:

Service Purpose: Single-Service Host
Not classified as CDN, Cloud, VPN, Proxy, or Hosting infrastructure

---

Threat Indicators

Direct Threat Signals:

Not flagged as known attacker, spam source, or Tor exit node
Blacklist count: 0 (direct listings)
DNSBL Listed: 1 of 8 total threat intelligence lists
No known threat campaigns correlated

Temporal Analysis:

Threat Observation Count: 1
Threat Persistence Days: 0
Is Persistently Malicious: false
Ownership Changes: 0 (stable ownership)

---

Subnet Analysis (88.151.33.0/24)

Neighborhood Risk Distribution:

Total Siblings: 16
Active Siblings: 11
Threat Siblings: 10
Abuse Density: 0.625 (High Abuse Classification)
Inherited Risk Score: 25

Neighbor Risk Breakdown:

High Risk: 0
Medium Risk: 12 (including target IP)
Low Risk: 3

Multiple neighboring IPs share risk scores of 40-65, suggesting coordinated infrastructure or shared abuse patterns within this /24 block.

---

Service Exposure

Open Ports:

Port 22/TCP (SSH): Open
SSH Banner: SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

DNS Configuration:

No PTR hostnames resolved
No forward resolution confirmed
No hosted domains
No email authentication (SPF/DMARC) configured

TLS/HTTP:

No TLS certificates
No HTTP service detected
No web title or banner

---

Recommended Security Actions

Firewall/Blocking Rules:

Platform	Rule
iptables	`iptables -A INPUT -s 88.151.33.232 -j DROP`
nftables	`nft add rule inet filter input ip saddr 88.151.33.232 drop`
nginx	`deny 88.151.33.232;`
pfSense	`88.151.33.232/32`
Cloudflare WAF	Block 88.151.33.232 — IPDebrief risk score 40
AWS WAF	Addresses: 88.151.33.232/32 — Description: IPDebrief risk 40

---

Intelligence Assessment

The target IP operates within a high-abuse subnet (88.151.33.0/24) with 62.5% abuse density. While the IP itself shows minimal direct threat indicators and no persistent malicious behavior, the elevated neighborhood risk and single DNSBL listing warrant defensive blocking. The absence of email authentication and the presence of an open SSH service suggest potential for exploitation if the IP is misused.

Recommendation: Apply blocking rules across perimeter defenses. Monitor for activity changes, particularly if the IP begins exhibiting additional threat signals given the subnet's elevated abuse profile.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇳🇱 Netherlands
Region	Flevoland
City	Dronten
Timezone	Europe/Amsterdam
Latitude	52.13
Longitude	5.29

🏢 Ownership & Registration

Organization	es-nextgenwebs-1-mnt
ASN	AS41608
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	42%	2	3
routing	13%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	28%	1	3
geolocation	27%	2	2
Overall	25%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:40 UTC
Last Seen	2026-06-24 00:14:36 UTC
Profile Built	2026-06-24 00:23:30 UTC
Data Freshness	Live
Signal Types	18
Total Observations	19

🔍 18 signal types · 19 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

88.151.33.232📋 Copy