# IP Intelligence Briefing: 113.140.95.2
Date: [Current Date]
IP Address: 113.140.95.2/32
Risk Classification: High Risk (Score: 80/100)
---
## Executive Summary
IP 113.140.95.2 is a high-risk endpoint associated with China Telecom mobile infrastructure. The address exhibits elevated threat indicators including blacklist listings across 6 of 8 DNSBLs and operates within a subnet demonstrating 100% abuse density. No active open services or reverse DNS records were identified.
---
## Technical Profile
Ownership & Registration:
- ASN: 4134 (CHINANET-SN)
- Organization: Xianghong Cao
- Network Block: 113.136.0.0/13 (APNIC)
- Abuse Contact: Available via RDAP
Geolocation:
- Country: China (CN)
- Region: Shaanxi Province
- City: Xi'an
- Geo Source Consensus: Confirmed
- Location Accuracy: 2,500 km radius
Network Classification:
- Connection Type: Mobile (China Telecom LTE/5G)
- Services: No open ports detected (Firewalled)
- DNS Records: None (Forward resolution failed)
- Email Authentication: SPF/DMARC not configured
---
## Threat Assessment
Risk Indicators:
- Overall Risk Score: 80 (High)
- DNSBL Listings: 6 of 8 lists
- Known Campaigns: None identified
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
Abuse Context:
- Subnet Abuse Density: 1.0 (Maximum)
- Threat Siblings: 2 of 2 active IPs in /24
- Neighbor Risk: 113.140.95.250 (Risk Score: 80)
- Classification: Mostly clean (subnet-level) with high inherited risk
---
## Temporal Analysis
Observation History (21 signals):
- Most Recent Signal: 2026-06-22 (DNSBL listing - High severity, 5/8 lists)
- Signal Types: Blacklist listings, ownership verification, subnet analysis, operator scoring
- Threat Persistence: 0 days
- Persistence Classification: Not persistently malicious
- Ownership Changes: 0
Trend Analysis: The IP has accumulated 21 observation signals, with the most recent activity showing continued blacklist presence. No significant risk escalation detected in the observation window.
---
## Related Entities
Network Relationships:
- Primary Association: CHINANET-SN (19 network-level relationships)
- Control Plane: Origin ASN 4134, BGP Prefix 113.136.0.0/13
- Route Stability: Stable (0 route changes in 30 days)
- IRR Consistency: N/A
---
## Recommended Actions
Firewall Rules:
- Block inbound traffic from 113.140.95.0/24
- Monitor for outbound connections to this subnet
- Implement rate limiting for mobile carrier traffic patterns
Monitoring Priorities:
- Track blacklist status changes (currently on 6/8 DNSBLs)
- Monitor for service activation on the IP
- Watch for related IPs in the /24 subnet (113.140.95.250 identified as high-risk neighbor)
Threat Hunting Indicators:
- Mobile carrier signatures (China Telecom, MCC: 460, MNC: 03)
- Xi'an, Shaanxi Province geolocation context
- High-risk subnet association (100% abuse density)
---
Classification: High Risk
Action Required: Monitor and block based on organizational security policy
Confidence Level: High
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Xianghong Cao |
| ASN | AS4134 |
| Network Name | CHINANET-SN |
| CIDR Block | 113.136.0.0/13 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 32% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 27% | 12 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-26 18:10:25 UTC |
| Profile Built | 2026-06-22 09:53:31 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |