113.87.238.158

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing for IP Address 113.87.238.158/32

Executive Summary:

IP address 113.87.238.158, operating under the /32 CIDR block, was analyzed through multiple data sources to provide a comprehensive intelligence profile. The findings are based on observed data, and the report aims to deliver actionable insights for SOC teams.

Ownership and Registration Details:

Registered Entity: The IP address is registered to a known telecommunications provider in Asia. This provider offers services including internet access and VoIP.
ASN Information: The IP is associated with a well-established ASN (Autonomous System Number) linked to the provider, indicating legitimate use for internet connectivity and related services.

Historical Observations and Behavior:

Traffic Patterns: Historical data indicates that the IP address has been primarily engaged in outbound traffic consistent with typical internet service provider (ISP) operations.
Malicious Activity: There have been no significant associations with known malicious activities, botnets, or malware distribution networks in the data observed over the past months.

Relationships and Network Associations:

Peer Network: The IP shares its network space with several other addresses attributed to the same telecommunications provider, primarily used for routine operational purposes.
Communication Partners: Communication logs show regular interactions with other IPs within the same organizational domain, consistent with expected behavior for an ISP.

Neighborhood and Geolocation Data:

Geolocation: The IP is geolocated within a major urban area in Asia, aligning with the service area of the telecommunications provider.
Neighborhood Analysis: Surrounding IP addresses are similarly registered to the same provider, indicating a cluster of operational IPs supporting local internet services.

Threat Assessment:

Risk Level: Based on the available data, the risk level associated with IP 113.87.238.158 is low. The IP’s activities align with legitimate ISP operations, and no malicious behavior has been detected.
Recommendations: Continue monitoring for any deviations from observed patterns. Given the legitimate nature of the IP, prioritize alerts for unusual traffic or unexpected changes in behavior.

Conclusion:

IP 113.87.238.158 is primarily associated with legitimate telecommunications services. Current data supports its use for routine ISP operations without indication of malicious intent. SOC teams should maintain standard monitoring protocols, with heightened alerting mechanisms in place for any anomalous activities.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	GD
City	Shenzhen
Timezone	—
Latitude	22.55
Longitude	114.07

🏢 Ownership & Registration

Organization	IPMASTER CHINANET-GD
ASN	AS4134
Network Name	CHINANET-GD
CIDR Block	113.64.0.0/11
RIR	APNIC
Country	CN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	13%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	22%	1	3
geolocation	19%	2	2
Overall	20%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-10 04:11:21 UTC
Last Seen	2026-06-25 22:02:38 UTC
Profile Built	2026-06-25 22:10:16 UTC
Data Freshness	Live
Signal Types	18
Total Observations	19

🔍 18 signal types · 19 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

113.87.238.158📋 Copy