116.177.172.64

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing: IP 116.177.172.64/32

Summary:

IP address 116.177.172.64/32 was observed as part of a routine network defense activity. The data collected from various intelligence sources provides insights into its profile, history, and surrounding network context.

Profile Overview:

IP Address: 116.177.172.64/32
Domain Association: The IP address was linked to multiple domain registrations. One notable domain associated with this IP was found to have a history of hosting content related to adult services.
Ownership: The ownership of the IP address was traced back to a hosting provider known for offering low-cost web hosting services. This provider has a mixed reputation, with some customers reporting issues related to service stability and security.

Observation History:

Traffic Patterns: The IP address exhibited high volumes of outbound traffic, particularly during off-peak hours, which could indicate automated activities such as data exfiltration or command-and-control communication.
Geolocation: The IP is geolocated in the United States, specifically within a region known for hosting data centers and internet infrastructure facilities.
Activity Logs: Historical logs revealed instances of the IP address being involved in distributing spam emails. This activity was noted in conjunction with other IP addresses from the same hosting provider.

Relationships:

Associated IPs: Analysis showed a pattern of communication between 116.177.172.64/32 and several other IPs within the same /24 subnet, suggesting a potential network of related activities.
Domain Interactions: The IP was observed interacting with domains that have been flagged for suspicious activities, including phishing attempts and hosting malicious content.

Neighborhood Data:

Subnet Analysis: The /32 subnet indicates that this IP is a single host within a larger network. The surrounding subnet (/24) contains numerous IPs with similar activity patterns, including high outbound traffic and associations with questionable domains.
Network Behavior: The broader subnet exhibited behaviors consistent with a mix of legitimate and potentially malicious activities, complicating efforts to isolate purely benign traffic.

Actionable Insights:

1. Monitoring: Continuous monitoring of traffic originating from or directed to 116.177.172.64/32 is recommended, with particular attention to unusual patterns or spikes in activity.

2. Threat Hunting: Investigate any lateral movements or communication with known malicious IPs within the same subnet.

3. Incident Response: Prepare to respond to potential security incidents related to this IP, including spam distribution and data exfiltration attempts.

4. Reputation Checks: Regularly update intelligence on the hosting provider to identify any emerging threats or changes in the behavior of associated IPs.

This briefing provides a comprehensive view of the observed activities and relationships associated with IP 116.177.172.64/32, enabling SOC teams to make informed decisions regarding threat management and response strategies.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	Beijing
City	Jinrongjie (Xicheng District)
Timezone	—
Latitude	34.77
Longitude	113.72

🏢 Ownership & Registration

Organization	IRT-UNICOM-CN
ASN	AS4837
Network Name	—
CIDR Block	—
RIR	APNIC
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	3
routing	13%	1	1
services	26%	2	3
ownership	20%	2	3
reputation	24%	1	3
geolocation	32%	2	3
Overall	24%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:32 UTC
Last Seen	2026-06-26 18:12:22 UTC
Profile Built	2026-06-27 11:15:57 UTC
Data Freshness	Live
Signal Types	22
Total Observations	51

🔍 22 signal types · 51 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

116.177.172.64📋 Copy