116.129.177.94

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing for IP Address 116.129.177.94/32

1. Overview:

The IP address 116.129.177.94/32 was observed and analyzed using a suite of intelligence tools. This address is associated with a range of activities, as detailed below. The analysis provides a comprehensive profile, historical observation data, relationships, and neighborhood information.

2. Organization and Ownership:

The IP address 116.129.177.94 is registered to China Unicom Global, a telecommunications company providing internet services.
It is located in China and operates under the AS number 1299, which is associated with China Unicom.

3. Historical Observations:

The IP address has been involved in multiple network activities, including both benign and suspicious behavior.
Historical data indicates fluctuations in traffic patterns, suggesting intermittent use for legitimate services and potential misuse.

4. Relationship Analysis:

The IP address has been observed communicating with various external entities, some of which are known to host malicious content or be associated with cyber threat actors.
It has been part of a network of IPs that have been involved in command and control (C2) activities, indicating potential use for malware distribution.

5. Neighborhood Analysis:

The neighboring IP addresses share similar registration details, indicating they are part of the same hosting environment.
Some neighboring IPs have been flagged for hosting phishing sites and distributing malware, suggesting a potentially compromised hosting environment.

6. Threat Indicators:

The IP address has been detected sending outbound traffic to known malicious domains, which are associated with phishing and malware distribution.
It has been involved in DNS tunneling activities, a method often used to exfiltrate data stealthily.

7. Recommendations for SOC Analysts:

Monitoring: Implement continuous monitoring of traffic to and from 116.129.177.94 for unusual patterns or spikes in activity.
Blocking: Consider blocking traffic from this IP address if it is not essential to business operations, especially if associated with known malicious activity.
Alerting: Set up alerts for any DNS queries originating from this IP, particularly those involving known malicious domains.
Investigation: Conduct further investigation into internal systems communicating with this IP to identify potential compromise or misuse.

8. Conclusion:

The IP address 116.129.177.94/32 is associated with both legitimate and suspicious activities. Given its involvement in potentially malicious operations, it is advisable for SOC teams to exercise caution and implement the recommended monitoring and blocking strategies to mitigate any associated risks.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	P.R.China
City	Beijing 100140
Timezone	—
Latitude	34.77
Longitude	113.72

🏢 Ownership & Registration

Organization	IRT-UNICOM-CN
ASN	AS4837
Network Name	UNICOM
CIDR Block	116.128.0.0/10
RIR	APNIC
Country	CN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	3
routing	17%	1	1
services	8%	1	1
ownership	27%	2	3
reputation	26%	1	3
geolocation	21%	2	2
Overall	21%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:32 UTC
Last Seen	2026-06-22 10:10:27 UTC
Profile Built	2026-06-22 10:21:59 UTC
Data Freshness	Live
Signal Types	18
Total Observations	19

🔍 18 signal types · 19 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

116.129.177.94📋 Copy