IP Intelligence Briefing for 43.226.39.182
Date: June 10, 2026
---
**1. Risk Profile**
- Risk Score: 50 (Moderate Risk)
- Threat Indicators: No malicious activity detected (no known attackers, spam, or campaigns).
- Network Classification: Firewalled / No Services (no open ports or active TLS/HTTP services).
- Provider: ASN 134762 (Lifen zhang / Xiaoniaoyun, China).
---
**2. Geolocation & Ownership**
- Location: Nanshan District, Shenzhen, Guangdong Province, China (geolocation accuracy ±2,500 km).
- Registry: APNIC, registered to "Xiaoniaoyun" (organization name).
- Abuse Contact: Available via RDAP.
---
**3. Network Relationships**
- Subnet: 43.226.32.0/20 (BGP prefix).
- Neighbors:
  - 43.226.39.177 (risk score: 65, authority score: 50).
- No direct links to other entities (hostnames, certificates, or organizations).
---
**4. Observation History**
- Recent Activity (June 8–10, 2026):
  - Minimal risk score (0.13) inferred from DNSSEC and routing data.
  - Traceroute to the IP failed to reach the target (30 hops, 29 timeouts).
  - Geolocation inferred as China with 52% confidence.
---
**5. Recommendations**
- Monitor Neighbor Risk: The subnet contains one high-risk IP (43.226.39.177). Investigate if this IP is part of a broader threat cluster.
- Check Ownership: Verify "Xiaoniaoyun" as a legitimate entity, as no abuse reports are linked to this IP.
- Network Segmentation: Ensure firewalls isolate this subnet due to its firewalled status and lack of services.
---
Conclusion:
This IP exhibits no direct malicious indicators but resides in a subnet with a higher-risk neighbor. SOC teams should prioritize monitoring the subnet for lateral movement or emerging threats. No immediate action required, but ongoing surveillance is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Lifen zhang |
| ASN | AS134762 |
| Network Name | Xiaoniaoyun |
| CIDR Block | 43.226.36.0/22 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 19% | 1 | 2 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 23% | 2 | 2 |
| Overall | 16% | 7 | 9 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-23 00:20:50 UTC |
| Last Seen | 2026-06-26 02:15:30 UTC |
| Profile Built | 2026-06-25 15:19:28 UTC |
| Data Freshness | Fresh |
| Signal Types | 17 |
| Total Observations | 17 |