# IP Intelligence Briefing: 106.13.171.118/32
- Date: June 22, 2026
- Analyst: IPDebrief Intelligence Team
- Classification: Internal Threat Assessment
---
## Executive Summary
The IP address 106.13.171.118 is associated with Baidu (ASN 38365), a major Chinese internet technology company. The IP carries a moderate risk score of 55/100 and is classified as "Moderate Risk." While no active threat indicators were detected, the IP exhibits elevated monitoring flags and has been listed on multiple DNS blacklists.
---
## Network Identity & Infrastructure
| Attribute | Value |
|---|---|
| **Organization** | Baidu (Baidu Noc) |
| **ASN** | 38365 |
| **Network Block** | 106.12.0.0/15 (APNIC) |
| **Country** | China (CN) |
| **BGP Prefix** | 106.13.160.0/19 |
| **Ownership** | Baidu Netcom Science and Technology Co., Ltd. |

Network Role: No services detected. The IP is classified as "Firewalled / No Services" with no open ports, TLS certificates, or HTTP responses observed. No email authentication (SPF/DMARC) records exist for associated domains.
---
## Threat Assessment
Current Risk Profile:
- Overall Risk Score: 55/100 (Moderate)
- Blacklist Status: 3/8 DNS blacklists
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Known Campaigns: None identified

Control Plane Indicators:
- Route stability: False (route changes detected)
- Operator score: 0.1304 (Minimal)
- RPKI state: Unavailable
- DNSSEC: Valid
---
## Observed Activity & Historical Trends
Signal Observations: 17 total observations recorded

Recent Activity (June 22, 2026):
- Multiple blacklist listings detected with high severity ratings
- 8 total blacklist entries, 2 currently active
- ASN routing observed across multiple prefixes (106.13.160.0/19, 106.13.128.0/18)
- No persistent malicious behavior flagged

Temporal Analysis:
- No persistent malicious activity detected
- Ownership changes: 0
- Threat observation count: 0
- Not classified as persistently malicious
---
## Neighborhood Analysis
Subnet Assessment: 106.13.171.118/24
- Abuse Density: 0 (Clean)
- Threat Siblings: 0
- Active Siblings: 0
- Classification: Clean

The IP resides in a low-density subnet with no neighboring threat indicators.
---
## Relationship Graph
16 relationships identified, all categorized as "Same Network" pointing to Baidu infrastructure. No cross-organizational or external entity relationships detected.
---
## Recommended Security Actions
Priority: High (Monitoring)

Recommended Actions:
1. Increase logging verbosity for traffic from this IP
2. Review recent activity patterns for anomalies
3. Monitor for service activation (no services currently open)

Firewall Implementation:
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 106.13.171.118 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 106.13.171.118 drop` |
| **nginx** | `deny 106.13.171.118;` |
| **pfSense** | `106.13.171.118/32` |
| **Cloudflare WAF** | Block with expression: `ip.src eq 106.13.171.118` |
| **AWS WAF** | Block CIDR: `106.13.171.118/32` |
---
## Intelligence Narrative
This IP address represents a Baidu infrastructure endpoint with moderate risk characteristics. The elevated risk score of 55/100 is primarily driven by blacklist presence and route instability rather than active malicious behavior. The IP has been listed on 8 DNS blacklists with 3 currently active listings. No open services or ports were detected, suggesting the IP may be used for non-public-facing infrastructure.

The neighborhood analysis indicates a clean subnet environment with zero threat siblings, which mitigates the likelihood of coordinated abuse. Historical observations show ASN prefix changes across the 106.13.0.0/16 space, which is consistent with Baidu's large-scale infrastructure deployments.

Recommendation: Implement monitoring rules to track activity patterns. While not immediately malicious, the blacklist presence warrants continued observation. Consider blocking if the IP initiates connection attempts to protected resources.
---
- Sources: IPDebrief Intelligence Platform
- Confidence Level: High
- Next Review: Monitor blacklist status and route stability changes

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Baidu Noc |
| ASN | AS38365 |
| Network Name | Baidu |
| CIDR Block | 106.12.0.0/15 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | - |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 21% | 2 | 2 |
| routing | 17% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 15% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 17% | 9 | 10 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:03:28 UTC |
| Last Seen | 2026-06-25 14:01:36 UTC |
| Profile Built | 2026-06-22 08:22:19 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 20 |