IP Intelligence Briefing: 112.65.211.161
Date: 2026-06-13
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership: ChinaUnicom Hostmaster (ASN 17621)
- Geolocation: Shanghai, China (34.77°N, 113.72°E)
- Network Role: Firewalled / No Services (no open ports or TLS certificates detected)
- Threat Indicators: No malicious activity, no known campaigns, no DNSBL listings.
---
**2. Observation History**
- 13 signals recorded over 30 days:
- Low confidence (0.30–0.75) for most entries.
- DNSSEC validation confirmed (no spoofing detected).
- One DNSBL listing (1/8 total lists) with "high" severity, but no active threats.
- No persistent malicious activity (threat persistence score: 0).
---
**3. Relationships**
- Linked to network: UNICOM-SH (same ISP, ASN 17621).
- No direct connections to known malicious entities or subnets.
---
**4. Neighborhood Analysis**
- /24 subnet: 112.65.211.0/24 (ChinaUnicom).
- Neighbor IPs:
  - 112.65.211.222: Risk score 40 (Moderate Risk).
  - Others: No risk scores or abuse indicators.
- Subnet abuse density: 0% (low risk).
---
**5. Recommendations**
- Monitor DNSBL status: The IP is listed on one high-severity DNSBL, but no active threats are detected.
- Check for new services: No open ports or TLS certificates were observed, but ensure no unexpected services emerge.
- No firewall action required: Low-risk, no malicious indicators, and no high-severity threats.
Conclusion: This IP is part of a legitimate ChinaUnicom network with no current malicious activity. No immediate action is needed, but ongoing monitoring is advised for any changes in threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | ChinaUnicom Hostmaster |
| ASN | AS17621 |
| Network Name | UNICOM-SH |
| CIDR Block | 112.64.0.0/15 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 0% | 0 | 0 |
| routing | 0% | 0 | 0 |
| services | 0% | 0 | 0 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 6% | 3 | 4 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-04 06:34:33 UTC |
| Last Seen | 2026-06-13 00:18:14 UTC |
| Profile Built | 2026-06-13 01:03:34 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 17 |