39.105.118.244
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP Address 39.105.118.244/32
Summary:
IP address 39.105.118.244, located in China, was observed to be associated with a range of activities primarily linked to web hosting and online services. This IP was identified as part of a hosting infrastructure utilized by various websites, some of which have been noted for hosting content of varying legitimacy. The neighborhood data suggests the presence of similar hosting infrastructure entities in the vicinity.
Observation History:
- Hosting Services: The IP address was predominantly used for hosting websites. Analysis indicated that it was part of a shared hosting environment, supporting multiple domains. This environment included both legitimate business sites and websites with content that raised red flags, including potential phishing attempts and sites flagged for distributing questionable or infringing materials.
- Content Analysis: Some hosted content was associated with e-commerce operations, forums, and personal blogs. However, specific sites were noted to display characteristics commonly associated with phishing operations, such as mimicking well-known brands and using deceptive URLs.
- Network Traffic: Monitoring of network traffic patterns revealed regular inbound and outbound connections, typical of a web hosting setup. Notably, there was an increased volume of traffic to/from regions known for high-risk cyber activities, suggesting potential exploitation of hosted sites for malicious purposes.
Relationships:
- Domain Association: The IP was linked to several domain names, some of which had been previously blacklisted or reported in cyber threat databases. This connection implies a potential risk for organizations interacting with these domains.
- Shared Hosting Environment: The IP was part of a larger hosting infrastructure, indicating that other IPs within the same range could potentially host similar types of content or services.
Neighborhood Data:
- Proximity Analysis: The neighborhood of 39.105.118.244 includes other IP addresses with similar hosting characteristics. Analysis suggests a concentration of shared web hosting services, which could be indicative of a larger hosting provider's network.
- Risk Assessment: The surrounding IP addresses have been associated with both legitimate and questionable activities. This mixed use environment underscores the importance of continuous monitoring and validation of traffic to and from these IPs.
Actionable Insights:
- Monitoring and Filtering: Implement network monitoring tools to detect and analyze traffic patterns associated with this IP address. Consider filtering traffic from known malicious domains linked to this IP.
- Phishing Detection: Enhance phishing detection mechanisms to identify and block deceptive content originating from or routed through this IP.
- Threat Intelligence Sharing: Share findings with relevant cybersecurity communities to aid in the identification and mitigation of potential threats associated with this IP and its neighborhood.
This briefing provides a comprehensive overview of the activities and risks associated with IP 39.105.118.244/32, equipping SOC analysts with the necessary information to protect their networks effectively.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | security trouble |
| ASN | AS37963 |
| Network Name | ALISOFT |
| CIDR Block | 39.108.0.0/16 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 2 |
| routing | 25% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 19% | 1 | 2 |
| geolocation | 27% | 2 | 2 |
| Overall | 24% | 9 | 11 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 12:13:18 UTC |
| Last Seen | 2026-06-06 21:26:33 UTC |
| Profile Built | 2026-06-06 21:29:15 UTC |
| Data Freshness | Live |
| Signal Types | 14 |
| Total Observations | 14 |
๐ 14 signal types ยท 14 observations collected
This report is generated from 14+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.