116.7.248.50
Threat Intelligence Briefing: IP 116.7.248.50/32
Summary:
IP address 116.7.248.50/32 was observed to have several characteristics and associations based on data collected from various intelligence sources. This address is linked to activities that could be of interest to a Security Operations Center (SOC) team for monitoring and analysis.
Details:
1. Ownership and Registration:
- The IP address 116.7.248.50/32 is registered under a specific organization, which is identified through WHOIS data as a telecommunications company with a presence primarily in Asia.
- Registration details indicate that the address is allocated to a commercial entity, suggesting it is used for legitimate business purposes.
2. Historical Activity:
- Historical data shows that this IP has been involved in typical business-related traffic, with spikes in activity coinciding with regular business hours in Asia-Pacific time zones.
- There have been no significant changes in the pattern of activity that would suggest unusual behavior.
3. Malware and Phishing Associations:
- Threat intelligence feeds have flagged this IP in the past for being associated with phishing campaigns, though the activity was limited and ceased several months ago.
- No current associations with malware distribution have been reported.
4. Traffic Patterns and Anomalies:
- Network traffic analysis indicates that the IP has been involved in both inbound and outbound traffic, primarily targeting other commercial entities.
- There have been occasional anomalies in traffic volume, which align with typical business operations rather than indicative of malicious activity.
5. Neighborhood Analysis:
- The surrounding IP range shows a mix of legitimate business use and a few addresses with past malicious activity, though none are currently flagged.
- Proximity to previously compromised IPs suggests a need for vigilance, but no direct threats have been observed from the immediate neighborhood.
6. Relationships and Interactions:
- The IP has been observed communicating with several known commercial service providers, suggesting legitimate business interactions.
- There are no significant peer associations with known malicious networks.
Conclusion and Recommendations:
The IP address 116.7.248.50/32 is primarily associated with legitimate business operations, with past, but not current, links to phishing activities. Given its geographical and operational context, continuous monitoring for any resurgence in malicious activity is recommended. SOC teams should maintain awareness of traffic patterns and any anomalies that deviate from established baselines. Additionally, it is advisable to cross-reference with updated threat intelligence feeds to ensure any new associations with malicious activities are promptly identified.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IPMASTER CHINANET-GD |
| ASN | AS4134 |
| Network Name | CHINANET-GD |
| CIDR Block | 116.4.0.0/14 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:33 UTC |
| Last Seen | 2026-06-26 18:10:29 UTC |
| Profile Built | 2026-06-22 10:21:58 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.