IPDebrief

202.70.78.237

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing: IP Address 202.70.78.237/32

1. General Information:

2. Historical and Current Observations:

3. Relationships and Associations:

- The IP has been linked with a range of malicious activity, primarily in the form of reconnaissance, where it attempts to gather information on potential targets.

- Connections have been observed with a broader network of IP addresses known for similar scanning behavior, often associated with state-sponsored entities or organized cyber threat groups.

4. Neighborhood Analysis:

- Neighboring IP addresses within the same subnet have shown similar scanning behaviors, reinforcing the hypothesis of coordinated reconnaissance activities.

- Some adjacent IPs have been blacklisted by certain organizations due to persistent scanning attempts, indicating a larger, possibly automated network of reconnaissance operations.

5. Threat Assessment:

- Monitoring: Continue monitoring traffic from and to this IP, particularly for any changes in volume or patterns that might indicate a shift from reconnaissance to active exploitation.

- Incident Response Preparedness: Ensure that incident response teams are aware of this IP's history and have plans in place should any direct attacks originate from it.

- Network Defense: Strengthen defenses against scanning activities, such as implementing robust firewall rules and intrusion detection systems to detect and mitigate unauthorized scanning attempts.

Conclusion:

The IP address 202.70.78.237/32, while currently showing reduced malicious activity, maintains a history and association with reconnaissance operations. SOC teams are advised to maintain vigilance and apply enhanced monitoring and defensive measures to mitigate potential threats.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡ณ๐Ÿ‡ต NP
Regionโ€”
Cityโ€”
Timezoneโ€”
Latitude28.00
Longitude84.00

๐Ÿข Ownership & Registration

OrganizationIRT-NPTELECOM-NP
ASNAS23752
Network Nameโ€”
CIDR Blockโ€”
RIRAPNIC
Countryโ€”
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)

๐Ÿ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierUnknown โ€” Insufficient routing data to classify
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
24%
23
routing
13%
11
services
13%
11
ownership
27%
23
reputation
22%
13
geolocation
13%
11
Overall19%812
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Fresh

First Seen2026-05-13 12:12:47 UTC
Last Seen2026-06-25 07:54:58 UTC
Profile Built2026-06-22 20:20:22 UTC
Data FreshnessFresh
Signal Types15
Total Observations15
๐Ÿ” 15 signal types ยท 15 observations collected
This report is generated from 15+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.