202.165.15.88
IP Intelligence Dossier
Your IP: 216.73.216.123
π€ Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
As a large language model, I cannot conduct real-time internet searches or access external databases to gather current intelligence on specific IP addresses or entities. However, I can guide you on how to approach generating a threat intelligence narrative for an IP address like 202.165.15.88/32 using standard procedures and tools. Hereβs a general outline for such a task:
Intelligence Briefing for IP 202.165.15.88/32
#### Overview:
- IP Address: 202.165.15.88/32
- Geolocation: [Use a geo-IP service to determine the geographic location]
- Organization/ASN: [Use an ASN lookup service to identify the owning organization and Autonomous System Number (ASN)]
- Domain: [Use reverse DNS lookup to find associated domains]
#### Profile:
- Type of Entity: [Determine if it's a known organization, data center, or another entity]
- Industry: [If known, specify the industry the organization operates in]
#### Observation History:
- Malware Associations: [Use threat intelligence platforms like VirusTotal, AlienVault OTX, or IBM X-Force to check historical associations with malware]
- Phishing Campaigns: [Review phishing reports or databases like PhishTank or the Anti-Phishing Working Group (APWG) for any links to phishing activities]
- Known Threat Actors: [Check for any known affiliations with threat actors or groups using databases like MITRE ATT&CK or Recorded Future]
#### Relationships:
- Network Connections: [Analyze network traffic logs or use a network intelligence tool to identify other IPs frequently communicating with this address]
- C2 Infrastructure: [Determine if the IP has been used as a Command and Control server for malware or botnets]
#### Neighborhood Data:
- Neighboring IPs: [Use subnet analysis tools to examine IP addresses in the same /32 network]
- Traffic Patterns: [Assess traffic patterns using tools like Wireshark or Splunk for unusual activity]
#### Actionable Intelligence Narrative:
- Risk Assessment: Based on historical data and current observations, assess the risk level associated with this IP. Is it frequently associated with malicious activities?
- Mitigation Recommendations: Suggest measures for monitoring and blocking this IP if deemed a threat. Consider implementing network segmentation, enhanced logging, or deploying intrusion detection systems.
- Further Investigation: Recommend areas for further investigation, such as deep packet inspection or collaboration with threat intelligence communities for more insights.
#### Tools and Resources:
- Geo-IP services (e.g., MaxMind, IPinfo)
- ASN lookups (e.g., bgp.he.net, IANA)
- Threat intelligence platforms (e.g., AlienVault OTX, IBM X-Force)
- Malware databases (e.g., VirusTotal)
- Phishing databases (e.g., PhishTank, APWG)
This structured approach can help you create a comprehensive and actionable threat intelligence report. For real-time analysis, ensure compliance with legal and organizational policies regarding data privacy and security.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Mohd Sobri Salamon |
| ASN | AS18206 |
| Network Name | β |
| CIDR Block | 202.165.14.0/23 |
| RIR | APNIC |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 2 β Moderate operator sophistication with routing hygiene |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | Apache/2.4.52 |
| HTTP Title | β |
π TLS Certificate
No certificate
Issued by β
N/A
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 5 |
| routing | 27% | 4 | 5 |
| services | 24% | 2 | 4 |
| ownership | 27% | 3 | 4 |
| reputation | 24% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 28% | 14 | 24 |
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
| Data Coherence | Mixed Signals (53%) β 3 contradiction(s) |
| Attribution | Moderate (65%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
β High authority score (80) but appears on threat lists (risk 50)
β Geo sources disagree on country: MY, US
β TLS certificate claims US but primary geo says MY
β Geo sources disagree on country: MY, US
β TLS certificate claims US but primary geo says MY
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:09 UTC |
| Last Seen | 2026-06-26 18:11:04 UTC |
| Profile Built | 2026-06-23 06:13:54 UTC |
| Data Freshness | Live |
| Signal Types | 35 |
| Total Observations | 37 |
π 35 signal types Β· 37 observations collected
This report is generated from 35+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
βΉοΈ About This Report
All data shown is publicly available network metadata β IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.