38.65.137.126

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 38.65.137.126

Classification: Moderate Risk | Risk Score: 55/100 | Date: Current

---

## Executive Summary

IP address 38.65.137.126 presents a moderate risk profile (55/100) associated with IENTC S de RL de CV (ASN 28458), a Mexican ISP. The IP is geolocated to Guanajuato, Mexico, though geolocation validation indicates inconsistencies. The address is firewalled with no active services, but exists within a high-abuse subnet (38.65.137.0/24) exhibiting elevated abuse density and multiple threat siblings.

---

## Network Ownership & Infrastructure

Organization: IENTC S de RL de CV
ASN: 28458
CIDR Block: 38.65.136.0/22 (NET-38-65-136-0-1)
Network Classification: Firewalled / No Services
DNS Record: 38-65-137-126.customer.ientc.net.mx
Reverse DNS: Forward confirmed; no forward resolution ambiguity

---

## Threat Indicators

Indicator	Status
Is Tor Exit Node	No
Known Attacker	No
Spam Source	No
Blacklist Count	0
DNSBL Listed	3/8 lists
Operator Score	0.1304 (Minimal)

---

## Neighborhood Analysis (38.65.137.0/24)

The /24 subnet exhibits elevated abuse characteristics:

Abuse Density: 0.091 (9.1%)
Classification: high_abuse
Total Siblings: 11
Active Siblings: 4
Threat Siblings: 7

High-Risk Neighbors:

38.65.137.97: Risk 80
38.65.137.96: Risk 70
38.65.137.107: Risk 70
38.65.137.116: Risk 70

The subnet's high-abuse classification suggests coordinated or shared infrastructure risk.

---

## Observation History

Total Observations: 19
Latest: 2026-06-25
Notable Finding: 2026-06-05 observation classified subnet as "high_abuse" with abuse_density 0.6364
Risk Persistence: 0 days (non-persistently malicious)
Ownership Changes: 0

---

## Recommended Actions

Immediate:

Increase logging verbosity for traffic from this IP
Review recent activity patterns and connection attempts

Firewall Mitigation:

```bash

# iptables

iptables -A INPUT -s 38.65.137.126 -j DROP

# nftables

nft add rule inet filter input ip saddr 38.65.137.126 drop

# nginx

deny 38.65.137.126;

# pfSense

38.65.137.126/32

# Cloudflare WAF

ip.src eq 38.65.137.126 → block

# AWS WAF

Addresses: [38.65.137.126/32]

Description: IPDebrief risk 55

```

---

## Analyst Notes

The IP lacks direct threat indicators but presents contextual risk through neighborhood proximity to multiple high-abuse addresses. The subnet's classification as "high_abuse" warrants defensive posture adjustments. Monitor for activity patterns consistent with the threat siblings identified in the /24.

*This briefing is based on IPDebrief intelligence data. Combine with other signals before taking action.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	Guanajuato
City	Apaseo el Grande
Timezone	—
Latitude	20.56
Longitude	-100.54

🏢 Ownership & Registration

Organization	IENTC S de RL de CV
ASN	AS28458
Network Name	NET-38-65-136-0-1
CIDR Block	38.65.136.0/22
RIR	ARIN
Country	Mexico
Abuse Contact	—

🌐 DNS Intelligence

PTR	38-65-137-126.customer.ientc.net.mx
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`38-65-137-126.customer.ientc.net.mx`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Present
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	20%	2	3
routing	13%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	19%	1	3
geolocation	19%	2	2
Overall	18%	10	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 11:10:33 UTC
Last Seen	2026-06-25 06:23:04 UTC
Profile Built	2026-06-25 06:31:26 UTC
Data Freshness	Live
Signal Types	18
Total Observations	18

🔍 18 signal types · 18 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

38.65.137.126📋 Copy