# IP INTELLIGENCE BRIEFING: 106.38.226.51/32
Classification: LOW RISK - RESIDENTIAL ENDPOINT
Report Date: 2026-06-22
Analysis Authority: IPDebrief Threat Intelligence
---
## EXECUTIVE SUMMARY
IP address 106.38.226.51 is classified as a LOW RISK residential endpoint located in Beijing, China. The IP operates under CHINANET-BJ (ASN 23724) and demonstrates minimal threat indicators. Current risk assessment scores 25 on the 100-point scale, with no active blacklist associations or known malicious activity. The subnet (106.38.226.0/24) exhibits low abuse density (13.33%) with predominantly clean neighboring addresses.
---
## NETWORK OWNERSHIP & GEOGRAPHY
- Organization: Hostmaster of Beijing Telecom corporation CHINA TELECOM
- Network Block: 106.37.0.0/16
- ASN: 23724 (CHINANET-BJ)
- Geolocation: Beijing, China (CN)
- Network Classification: Residential Endpoint
- BGP Prefix: 106.38.224.0/19
---
## THREAT ASSESSMENT
### Current Risk Profile
- Risk Score: 25 (Low Risk)
- Provider Score: 0
- Authority Score: 0
- Abuse Confidence: Not applicable
- Threat Feeds: No active detections
- Known Campaigns: None
- Blacklist Count: 0
### Control Plane Indicators
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.1304 (Minimal)
- RPKI State: Not reported
- Route Stability: Unstable (isRouteStable: false)
- Threat Persistence: 0 days
---
## OBSERVATION HISTORY (22 Observations)
Most Recent Activity: 2026-06-22T08:13:05+00:00
Temporal analysis reveals consistent low-risk behavior:
- Neighborhood classification maintained at "mostly_clean"
- Abuse density stable at 0.1333
- No ownership changes detected
- No persistent malicious patterns observed
- 1 threat observation recorded in historical data
- Campaign likelihood: None
---
## SUBNET ANALYSIS (106.38.226.0/24)
Neighborhood Statistics:
- Total Siblings: 30
- Abuse Density: 13.33%
- Active Siblings: 7
- Threat Siblings: 4
- Risk Distribution: High: 0, Medium: 0, Low: 32
The /24 subnet demonstrates predominantly benign activity with a clean risk profile. All neighboring addresses scored either 0 or 25 on the risk scale, with no high-risk addresses detected.
---
## RELATIONSHIP ANALYSIS
Identified Relationships: 19
- Type: Same Network (CHINANET-BJ)
- External Associations: None detected
- Hostnames: None resolved
- Certificates: None associated
- Organizations: No external entity links
The IP maintains no relationships outside the CHINANET-BJ network infrastructure.
---
## TECHNICAL FINGERPRINTS
- Open Ports: None detected
- TLS Certificate: None
- HTTP Service: None active
- DNS PTR Resolution: None
- Forward Resolution: 0 hostnames
- Email Authentication: SPF/DMARC not configured
- Fingerprint Indicators: No HTTP headers detected
---
## RECOMMENDED ACTIONS
Current Risk Level: LOW
Recommended Action: MONITOR
Based on the risk profile assessment:
1. No immediate blocking required - Risk score (25) falls below typical threat thresholds
2. Passive monitoring recommended - Track for any escalation in activity
3. No firewall rules generated - No actionable blocks identified
4. Continue standard logging - Maintain baseline observability
Action Confidence: Probabilistic recommendations should be combined with additional signals before operational decisions.
---
## SOC INTELLIGENCE NOTES
This IP represents a residential endpoint with minimal threat characteristics. The low risk score (25) and clean neighborhood profile suggest benign residential use. No active malicious indicators, campaigns, or blacklist associations were identified.
Investigation Triggers: Monitor for any sudden changes in:
- Risk score escalation above 50
- Appearance on threat feeds
- New external relationships
- Changes in network classification
- Emergence of open ports or services
Reference ID: 106.38.226.51-20260622
Status: ACTIVE MONITORING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Hostmaster of Beijing Telecom corporation CHINA TELECOM |
| ASN | AS23724 |
| Network Name | CHINANET-BJ |
| CIDR Block | 106.37.0.0/16 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User - Residential ISP endpoint |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:29 UTC |
| Last Seen | 2026-06-22 08:12:22 UTC |
| Profile Built | 2026-06-22 08:20:03 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |