IP Risk Score: 63 / 100

This IP presents a moderate risk and may be associated with automated activity. Moderate behavioral signals suggest possible automated probing or scanning. This assessment is backed by strong and consistent detection signals. The combined signals place this IP in a moderate risk category. Monitoring is recommended, with defensive action considered if activity continues.

Detect suspicious IPs early

What is this IP address?

IP Address: 170.238.51.238

Country: Brazil flag

Brazil (BR)

Region Name: São Paulo (SP)

City: Amparo

ISP: Desktop Sigmanet Comunicação Multimídia SA

Organization: Desktop Sigmanet Comunicação Multimídia SA

Threat level: 63 / 100
Conf. level: 100 / 100

Properties

ASN: AS28649

AS Name: Desktop Sigmanet Comunicação Multimídia SA

Timezone: America/Sao_Paulo

Status: Suspicious

Observed Client Profile

OS: Unknown (100%)
Device Type: Desktop (100%)
Browser Family: Unknown (100%)
Rendering Engine: Unknown (100%)

Behavioral Indicators

The IP shows a single access event with a malformed user-agent indicative of potential automation. The lack of JavaScript support and absence of reverse DNS raise concerns about the legitimacy of the request. While there are no honeypot hits, the overall behavior suggests possible probing activity.

The supernet (170.238.0.0/16), which this IP belongs to, exhibits suspicious behavior characterized by low-interaction, repetitive visits with a mix of outdated and modern user agents. The presence of identical or crawler-like user agents across multiple IPs, combined with DNS mismatches, suggests potential automation and scraping activities, raising concerns about coordinated stealth operations.

JavaScript Support

⚠️ No

User-Agent Samples

Opera/8.40.(Windows 95; km-KH) Presto/2.9.190 Version/12.00

Integrate IPIntel into your system

IP Location

Region: São Paulo, Brazil

City: Amparo

Local time: 2026-06-23 11:34:38

Subnet
170.238.51.0/24
Supernet
170.238.0.0/16