IP Intelligence Briefing: 113.199.227.233
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
  - ASN: 23752
  - Organization: IRT-NPTELECOM-NP (Russian entity)
- Geolocation: Registered to the US (New York), but ASN ownership is linked to Russia.
- Network Role: Residential endpoint (non-cloud, non-CDN).
- Threat Indicators: No malicious activity detected (no indicators, blacklists, or campaigns).
- Control Plane:
  - BGP: Valid RPKI, stable routes, and no recent changes.
  - DNSSEC: Validated.
- Operator Score: 0.52 (Moderate risk).
---
**2. Observation History**
- Latest Activity:
  - 2026-06-17: ICMP validation failed (firewall blocking probes).
  - 2026-06-02: Subnet abuse density classified as "mostly_clean" (1/24 IPs flagged).
- Trend: No persistent malicious behavior; threat observation count is low.
---
**3. Relationships**
- Linked Entities:
  - Network: Multiple ties to "NTCINTERNET" (potential misclassification or typo).
- No Direct Threat Connections: No subnets, domains, or certificates linked to malicious activity.
---
**4. Neighborhood Analysis**
- Subnet: 113.199.227.233/24
- Neighbors:
  - No Active Neighbors: Empty neighbor list suggests isolated or sparse subnet activity.
- Abuse Density: 0 (low risk).
---
**5. Actionable Insights**
- Monitor Geolocation Discrepancy: Verify if the US registration is accurate or if there's a misattribution.
- Watch for Subnet Changes: The subnet's abuse density may increase; monitor for new risky IPs.
- Check Residential Behavior: Residential endpoints can be benign but may occasionally host malicious payloads.
- Validate Route Stability: Confirm BGP stability and RPKI validity to ensure no route hijacking.
Final Assessment: Low to moderate risk. No immediate threat detected, but geolocation inconsistencies and subnet activity warrant further monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-NPTELECOM-NP |
| ASN | AS23752 |
| Network Name | - |
| CIDR Block | 113.199.224.0/22 |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 2 - Moderate operator sophistication with routing hygiene |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 43% | 3 | 5 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 24% | 1 | 3 |
| geolocation | 15% | 2 | 2 |
| Overall | 25% | 13 | 20 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-22 09:38:30 UTC |
| Profile Built | 2026-06-22 09:43:46 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 30 |