IPDebrief

106.13.171.118

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 106.13.171.118/32

Date: June 22, 2026

Analyst: IPDebrief Intelligence Team

Classification: Internal Threat Assessment

---

## Executive Summary

The IP address 106.13.171.118 is associated with Baidu (ASN 38365), a major Chinese internet technology company. The IP carries a moderate risk score of 55/100 and is classified as "Moderate Risk." While no active threat indicators were detected, the IP exhibits elevated monitoring flags and has been listed on multiple DNS blacklists.

---

## Network Identity & Infrastructure

AttributeValue
**Organization**Baidu (Baidu Noc)
**ASN**38365
**Network Block**106.12.0.0/15 (APNIC)
**Country**China (CN)
**BGP Prefix**106.13.160.0/19
**Ownership**Baidu Netcom Science and Technology Co., Ltd.

Network Role: No services detected. The IP is classified as "Firewalled / No Services" with no open ports, TLS certificates, or HTTP responses observed. No email authentication (SPF/DMARC) records exist for associated domains.

---

## Threat Assessment

Current Risk Profile:

Control Plane Indicators:

---

## Observed Activity & Historical Trends

Signal Observations: 17 total observations recorded

Recent Activity (June 22, 2026):

Temporal Analysis:

---

## Neighborhood Analysis

Subnet Assessment: 106.13.171.118/24

The IP resides in a low-density subnet with no neighboring threat indicators.

---

## Relationship Graph

16 relationships identified, all categorized as "Same Network" pointing to Baidu infrastructure. No cross-organizational or external entity relationships detected.

---

## Recommended Security Actions

Priority: High (Monitoring)

Recommended Actions:

1. Increase logging verbosity for traffic from this IP

2. Review recent activity patterns for anomalies

3. Monitor for service activation (no services currently open)

Firewall Implementation:

PlatformRule
**iptables**`iptables -A INPUT -s 106.13.171.118 -j DROP`
**nftables**`nft add rule inet filter input ip saddr 106.13.171.118 drop`
**nginx**`deny 106.13.171.118;`
**pfSense**`106.13.171.118/32`
**Cloudflare WAF**Block with expression: `ip.src eq 106.13.171.118`
**AWS WAF**Block CIDR: `106.13.171.118/32`

---

## Intelligence Narrative

This IP address represents a Baidu infrastructure endpoint with moderate risk characteristics. The elevated risk score of 55/100 is primarily driven by blacklist presence and route instability rather than active malicious behavior. The IP has been listed on 8 DNS blacklists with 3 currently active listings. No open services or ports were detected, suggesting the IP may be used for non-public-facing infrastructure.

The neighborhood analysis indicates a clean subnet environment with zero threat siblings, which mitigates the likelihood of coordinated abuse. Historical observations show ASN prefix changes across the 106.13.0.0/16 space, which is consistent with Baidu's large-scale infrastructure deployments.

Recommendation: Implement monitoring rules to track activity patterns. While not immediately malicious, the blacklist presence warrants continued observation. Consider blocking if the IP initiates connection attempts to protected resources.

---

Sources: IPDebrief Intelligence Platform

Confidence Level: High

Next Review: Monitor blacklist status and route stability changes

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡จ๐Ÿ‡ณ China
Regionโ€”
Cityโ€”
Timezoneโ€”
Latitude34.77
Longitude113.72

๐Ÿข Ownership & Registration

OrganizationBaidu Noc
ASNAS38365
Network NameBaidu
CIDR Block106.12.0.0/15
RIRAPNIC
CountryCN
Abuse Contactโ€”

๐ŸŒ DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)

๐Ÿ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierUnknown โ€” Insufficient routing data to classify
No specific classification

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
21%
22
routing
17%
11
services
8%
11
ownership
19%
22
reputation
15%
12
geolocation
21%
22
Overall17%910
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-07 23:03:28 UTC
Last Seen2026-06-25 14:01:36 UTC
Profile Built2026-06-22 08:22:19 UTC
Data FreshnessLive
Signal Types16
Total Observations20
๐Ÿ” 16 signal types ยท 20 observations collected
This report is generated from 16+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.