# INTELLIGENCE BRIEFING: IP 49.124.145.56/32
Classification: High Risk | Date: 2026-06-23 | Analyst: SOC Intelligence
## EXECUTIVE SUMMARY
IP address 49.124.145.56 belongs to DiGi IP Support (ASN 4818, DIGI-AS-AP) and falls within the 49.124.0.0/15 CIDR block. The IP carries an elevated risk score of 70/100, classifying it as High Risk. The address is geolocated to Shah Alam, Selangor, Malaysia, with one threat observation recorded in the signal history.
## OWNERSHIP AND GEOLOCATION
- Organization: DiGi IP Support (ASN 4818)
- Network: 49.124.0.0/15 (APNIC RIR)
- Country: Malaysia (MY)
- Region: Selangor, Shah Alam
- Coordinates: 4.21° N, 101.98° E
- Geolocation Confidence: Consensus verified across multiple sources
## THREAT PROFILE
- Risk Score: 70/100 (High Risk)
- Abuse Confidence: Not explicitly scored
- Threat Indicators: No active threat indicators or known campaigns detected
- Blacklist Status: Listed on 4 of 8 DNSBLs (dnsblListedCount: 4)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
## NETWORK SERVICES AND FINGERPRINT
- Open Ports: None detected
- Service Status: Firewalled / No Services
- TLS Certificate: Not configured
- HTTP Title: Not available
- Server Banner: No response
## OBSERVATION HISTORY
Signal observation history contains 17 recorded observations. Key observations include:
- 2026-06-23 15:05: Geolocation probe reported ICMP blocked with inability to validate; claimed latitude 2.5°, longitude 112.5° (distance: 10,851.1 km from geolocation)
- 2026-06-23 15:04: Operator score rated "Minimal" (0.1304)
- 2026-06-18 11:14: Geolocation inference confirmed Malaysia (4.21° N, 101.98° E) with 400 km accuracy radius
- 2026-06-18 11:11: Operator score rated "Minimal" (0.1304)
## NETWORK NEIGHBORHOOD ANALYSIS
The /24 subnet (49.124.145.56/24) exhibits elevated abuse density:
- Abuse Density Score: 1.0 (High)
- Neighbor Count: 1 active neighbor
- Threat Siblings: 1
- Inherited Risk: 2
- Neighbor IP: 49.124.145.57 (Risk Score: 80/100, Authority Score: 50)
The neighborhood classification is "mostly_clean" despite high abuse density, suggesting mixed legitimate and potentially compromised traffic patterns.
## RELATIONSHIP GRAPH
Relationship analysis returned 17 entries, all indicating "Same Network" relationships to DIGI-AS-AP. No organizational, hostname, or certificate relationships were established beyond the network association.
## RECOMMENDED ACTIONS
Based on risk score 70/100, the following remediation measures are recommended:
Monitoring:
- Increase logging verbosity for all traffic from this IP
- Review recent activity patterns and connection attempts
Firewall Implementation:
- iptables: `iptables -A INPUT -s 49.124.145.56 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 49.124.145.56 drop`
- nginx: `deny 49.124.145.56;`
- pfSense: Block 49.124.145.56/32
- Cloudflare WAF: Block via expression `ip.src eq 49.124.145.56`
- AWS WAF: Add 49.124.145.56/32 to block list
Contextual Note: The neighbor IP 49.124.145.57 carries an elevated risk score of 80/100. Consider evaluating the broader /24 subnet (49.124.145.0/24) for additional threat correlation.
---
*Intelligence generated by IPDebrief. These recommendations are probabilistic and should be combined with other signals before taking action.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | DiGi IP Support |
| ASN | AS4818 |
| Network Name | DIGI-AS-AP |
| CIDR Block | 49.124.0.0/15 |
| RIR | APNIC |
| Country | MY |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 20% | 9 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:23 UTC |
| Last Seen | 2026-06-26 18:11:23 UTC |
| Profile Built | 2026-06-23 15:13:04 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 17 |