IPDebrief

123.57.73.112

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: IP 123.57.73.112

Classification: Moderate Risk (Risk Score: 50)

Date: 2026-06-25

Report ID: IP-1235773112-20260625

---

## EXECUTIVE SUMMARY

IP address 123.57.73.112 presents a moderate risk profile with a risk score of 50. The address is geolocated to Beijing, China, and is associated with ASN 37963 (ALISOFT). No active threat indicators were detected during profile analysis, but the moderate risk classification warrants defensive monitoring.

---

## OWNERSHIP & NETWORK CLASSIFICATION

AttributeValue
**ASN**37963
**Organization**ALISOFT
**Network Name**ALISOFT
**CIDR Block**123.56.0.0/15
**Country**CN (China)
**Region**Beijing
**RIR**APNIC
**Registration Date**Not available

Network Role: Firewalled / No Services

Infrastructure Type: Not cloud, not CDN, not VPN, not proxy, not hosting infrastructure

---

## THREAT ASSESSMENT

Overall Risk Score: 50 (Moderate Risk)

Abuse Confidence Score: Not available

Blacklist Status: Not listed on threat feeds

Tor Exit Node: No

Known Attacker: No

Spam Source: No

Threat Indicators: None detected

Known Campaigns: None associated

DNSBL Listings: 2 out of 8 total lists

---

## OBSERVATION HISTORY

The IP has been observed across 15 signal observations spanning multiple dates. Key observations include:

Threat Persistence: 0 days

Ownership Changes: 0

Persistent Malicious Activity: False

---

## RELATIONSHIP ANALYSIS

The IP exhibits 15 relationships, all classified as "Same Network" pointing to the ALISOFT network infrastructure. This indicates the IP operates within a larger network block with consistent network classification. No external entity relationships (hostnames, certificates, organizations outside the network) were identified.

---

## NEIGHBORHOOD ANALYSIS

Subnet: 123.57.73.112/24

Abuse Density: 0 (Low)

Classification: Mostly Clean

Total Siblings: 1

Active Siblings: 0

Threat Siblings: 1

The neighboring subnet shows low abuse density with minimal threat concentration, suggesting this IP does not operate in a highly compromised network environment.

---

## CONTROL PLANE DATA

---

## RECOMMENDED ACTIONS

Based on the moderate risk profile, the following defensive measures are recommended:

Firewall Rules

PlatformRule
**iptables**`iptables -A INPUT -s 123.57.73.112 -j DROP`
**nftables**`nft add rule inet filter input ip saddr 123.57.73.112 drop`
**nginx**`deny 123.57.73.112;`
**pfSense**`123.57.73.112/32`
**Cloudflare WAF**Block IP 123.57.73.112 with expression `ip.src eq 123.57.73.112`
**AWS WAF**Add address `123.57.73.112/32` to protection rules

Priority Assessment

Immediate Action: Recommended blocking due to moderate risk score

Monitoring: Continue surveillance for threat indicator emergence

Context: IP appears dormant with no open services; blocking is precautionary

---

## ANALYST NOTES

This IP address presents a moderate risk profile without active malicious indicators. The moderate risk score (50) suggests defensive caution is warranted. The absence of open services and threat indicators indicates the IP may be dormant or part of a larger network infrastructure. Continued monitoring is recommended, particularly given the moderate risk classification and the presence of 2 DNSBL listings. The low abuse density in the neighboring subnet provides context that this IP is not operating in a highly compromised network environment.

---

Report Generated: 2026-06-25

Data Sources: IPDebrief Intelligence Platform

Classification: SOC Analyst Briefing

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡จ๐Ÿ‡ณ China
RegionBeijing
CityBeijing
Timezoneโ€”
Latitude39.91
Longitude116.40

๐Ÿข Ownership & Registration

Organizationsecurity trouble
ASNAS37963
Network NameALISOFT
CIDR Block123.56.0.0/15
RIRAPNIC
CountryCN
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)

๐Ÿ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierUnknown โ€” Insufficient routing data to classify
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
27%
23
routing
13%
11
services
15%
22
ownership
27%
23
reputation
22%
13
geolocation
19%
22
Overall20%1014
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-08 05:01:35 UTC
Last Seen2026-06-25 01:59:07 UTC
Profile Built2026-06-25 02:07:26 UTC
Data FreshnessLive
Signal Types16
Total Observations16
๐Ÿ” 16 signal types ยท 16 observations collected
This report is generated from 16+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.