87.133.88.170

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 87.133.88.170/32

## Executive Summary

Risk Level: Low | Classification: Residential Mobile Connection | Geolocation: Germany

IP 87.133.88.170 is a residential mobile connection from Deutsche Telekom AG with an overall risk score of 25 (Low Risk). The IP is currently not flagged as an active threat source, though historical data indicates prior blacklist associations.

---

## Ownership & Geolocation

ASN: 3320 (DTAG-NIC / Deutsche Telekom AG)
Organization: DTAG-NIC
Country: Germany (DE)
Region: Lower Saxony
City: Wennigsen (Deister)
Registration RIR: RIPE
BGP Prefix: 87.128.0.0/10
Mobile Carrier: Telekom (Deutsche Telekom AG), MCC: 262, MNC: 01 (LTE/5G)

---

## Network Classification

Type: Residential Mobile (isMobile: true)
Infrastructure: Not cloud, CDN, VPN, proxy, or hosting
Service Status: Firewalled / No Services
DNS Resolution: Confirmed forward resolution to p578558aa.dip0.t-ipconnect.de
PTR Record: p578558aa.dip0.t-ipconnect.de
DNSSEC: Valid

---

## Threat Assessment

Current Risk Indicators: None

Blacklist Count: 0
Abuse Confidence Score: Not available
Tor Exit: No
Known Attacker: No
Spam Source: No
Known Campaigns: None detected

Control Plane Metrics:

Operator Score: 0.2609 (Basic)
Route Stability: False
DNSBL Listed: 0
Total DNSBL Lists: 8 (historical)

---

## Neighborhood Analysis (87.133.88.0/24)

Subnet Classification: Clean
Abuse Density: 0 (0% of neighbors flagged)
Risk Distribution: No high/medium/low risk neighbors detected
Active Siblings: 1
Threat Siblings: 0

---

## Historical Observations

Total Signal Observations: 19

Notable Historical Findings:

One observation (2026-06-05 11:19:41 UTC) indicated the IP was listed on 8 blacklist entries with maximum severity rating of "high"
Subsequent observations show subnet abuse density normalized to 0
Network classification remains stable as residential mobile

Temporal Indicators:

Ownership Changes: 0
Threat Persistence Days: 0
Is Persistently Malicious: False

---

## Relationship Graph

DNS Associations: p578558aa.dip0.t-ipconnect.de (multiple entries)
Network Associations: DTAG-DIAL100 (multiple entries)
Total Relationships: 30 (predominantly DNS and network associations)

---

## Recommended Actions

No specific firewall rules or blocking actions recommended at this time. The IP demonstrates low-risk characteristics consistent with residential mobile broadband usage.

Suggested Monitoring:

Monitor for emergence of open service ports
Watch for changes in network classification
Review blacklist status periodically given historical associations

---

Analysis Date: 2026-06-05

Data Sources: IPDebrief Intelligence Platform

Classification: Defensive Security Intelligence

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	HE
City	Morschen
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	DTAG-NIC
ASN	AS3320
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	p578558aa.dip0.t-ipconnect.de
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`p578558aa.dip0.t-ipconnect.de`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	3
routing	13%	1	1
services	15%	2	2
ownership	20%	2	3
reputation	13%	1	2
geolocation	27%	2	3
Overall	19%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-09 11:34:22 UTC
Last Seen	2026-06-25 17:19:56 UTC
Profile Built	2026-06-25 17:26:25 UTC
Data Freshness	Live
Signal Types	22
Total Observations	22

🔍 22 signal types · 22 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

87.133.88.170📋 Copy