113.212.70.70
# IP Intelligence Briefing: 113.212.70.70
## Executive Summary
IP 113.212.70.70 presents a moderate risk profile (Score: 49) associated with Indonesian infrastructure provider IRT-DATAUTAMA-ID. The address is listed on threat feeds (blocklist.de) and classified as a known attacker, with multiple blacklist entries detected. The IP operates within a high-abuse subnet (113.212.70.0/24) exhibiting elevated threat activity across the neighborhood.
## Ownership & Geolocation
- Organization: IRT-DATAUTAMA-ID (DATAUTAMA-NET)
- ASN: Unidentified / null
- Network Block: 113.212.68.0/22
- Geolocation: Indonesia (ID), Jakarta region, Meruya Utara - Kembangan
- RIR: APNIC
- Geographic Validation: GeoPlausible: true, Distance: 16,175.8 km, Min RTT: 323.5ms
## Threat Assessment
| Indicator | Status |
|---|---|
| Known Attacker | **YES** |
| Tor Exit Node | No |
| Spam Source | No |
| Blacklist Count | 1 |
| DNSBL Listed | 1 of 8 lists |
| Reputation | Moderate Risk |
| Operator Score | 0.1304 (Minimal) |
Threat Indicators:
- Listed on blocklist.de
- DNSBL presence across 8 threat feeds
- Known attacker classification confirmed
## Network & Service Analysis
- Services: No open ports detected; service purpose: Firewalled / No Services
- DNS: No PTR hostnames; forward resolution: 0; hosted domains: 0
- Email: No SPF, DMARC, or TXT records present
- TLS/HTTP: No TLS certificate; no HTTP banner; no HTTP2; no HSTS/CSP headers
## Control Plane & Routing
- Route Stability: False (not route stable)
- AS Path: Not available
- RPKI State: Not available
- IRR Consistency: Not available
- Route Changes (30d): 0
- DNSSEC Valid: Yes
- Has CAA: No
- MoAS: False
## Neighborhood Analysis (113.212.70.0/24)
- Subnet Classification: High Abuse
- Total Siblings: 256
- Active Siblings: 119
- Threat Siblings: 256
- Abuse Density: 1.0 (elevated)
- Inherited Risk Score: 40
- Risk Distribution: 100 medium-risk neighbors, 0 high-risk, 0 low-risk
- Sample Neighbor Risk Scores: 40 (medium) across 100+ sibling IPs
## Observation History (41 Observations)
Recent activity logged from June 24, 2026, showing:
- Mixed confidence levels (0.20โ0.30)
- Some observations flagged is_attacker: false (discrepancy with current profile)
- Operator scores: Minimal (0) at multiple time points
- Threat persistence days: 0 (not persistently malicious)
## Relationships
- Total Relationships: 128
- Primary Association: DATAUTAMA-NET network (same network relationships)
- Network Classification: Multiple same-network links to DATAUTAMA-NET infrastructure
## Recommended Actions
Based on risk profile and threat indicators, the following actions are recommended:
Immediate (High Priority):
- Block at perimeter firewall for inbound connections
- Monitor for outbound C2 activity from internal hosts to this IP
- Add to threat intelligence feed for correlation
Defensive Controls:
```
iptables -A INPUT -s 113.212.70.70/32 -j DROP
```
```
nft add rule inet filter input ip saddr 113.212.70.70/32 drop
```
Cloud/WAF Rules:
- Add 113.212.70.70 to WAF blocklist
- Configure AWS WAF rule for IP-based blocking
## Threat Intelligence Narrative
IP 113.212.70.70 is a medium-to-high risk address within Indonesian infrastructure managed by IRT-DATAUTAMA-ID. While the IP shows no currently open services or active host signatures, it maintains a known attacker classification and is listed on external threat feeds. The surrounding /24 subnet exhibits high abuse density with 256 threat siblings and 100% medium-risk classification, suggesting systemic abuse potential in this network block. The IP's firewalled status may indicate it is a compromised endpoint used for outbound reconnaissance or as part of a botnet infrastructure. The absence of persistent malicious behavior signals suggests episodic rather than sustained attack campaigns, but the known attacker designation warrants continued monitoring.
## IOC Summary
- IP: 113.212.70.70/32
- Network: 113.212.68.0/22 (DATAUTAMA-NET)
- Risk Score: 49
- Classification: Known Attacker, Moderate Risk
- Status: Active monitoring recommended
---
*Generated from IPDebrief Intelligence Platform. Data subject to verification with additional context.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-DATAUTAMA-ID |
| ASN | โ |
| Network Name | DATAUTAMA-NET |
| CIDR Block | 113.212.68.0/22 |
| RIR | APNIC |
| Country | ID |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 0% | 0 | 0 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 33% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 8 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:05:06 UTC |
| Last Seen | 2026-06-26 18:12:04 UTC |
| Profile Built | 2026-06-27 02:15:11 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 42 |
Full dossier details are available via our API.