IP Intelligence Briefing: 111.57.17.167
Date: 2026-06-07
---
**1. Core Profile**
- Risk Score: 0 (Low Risk)
- Provider: China Mobile (IRT-CHINAMOBILE-CN)
- Geolocation: Beijing, China (34.77°N, 113.72°E)
- Network Role: Mobile Carrier (CMNET)
- Subnet: 111.57.17.0/24
- ASN: Unassigned (APNIC registry)
---
**2. Threat Indicators**
- Malicious Activity: No indicators (no blacklists, spam, or campaigns).
- DNS: No PTR records or domain associations.
- Services: No open ports, TLS certificates, or HTTP banners detected.
- Behavioral: No honeypot hits, enumeration attempts, or WAF violations.
---
**3. Observation History**
- Latest Signal: Geolocation (MaxMind) and network prefix (Team Cymru) recorded on 2026-06-07.
- Longevity: 1 observation recorded (no persistence or historical trends).
---
**4. Network Relationships**
- Linked Entities:
  - Subnet: CMNET (China Mobile)
  - Shared network: 111.57.17.0/24
- Neighbors:
  - High-risk siblings: 3 IPs with risk scores of 80 (abuse density: 1).
  - Notable IPs: 111.57.17.169, 111.57.17.171, 111.57.17.172 (all high-risk).
---
**5. Actionable Insights**
- SOC Recommendations:
  - Monitor Subnet: The 111.57.17.0/24 subnet contains high-risk neighbors (80+ risk scores). Investigate potential lateral movement or shared infrastructure risks.
  - Verify Ownership: Confirm China Mobile's CMNET network activity to rule out spoofing or misattribution.
  - Baseline Traffic: Establish baseline behavior for this mobile carrier IP to detect anomalies in traffic patterns.
---
Conclusion:
111.57.17.167 is a low-risk mobile carrier IP in Beijing, China, with no direct malicious indicators. However, its subnet contains high-risk neighbors, warranting closer scrutiny. No immediate mitigation required, but monitor for unusual activity in the CMNET network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-CHINAMOBILE-CN |
| ASN | AS9808 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 2 |
| routing | 25% | 1 | 1 |
| services | 19% | 1 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 13% | 1 | 1 |
| Overall | 21% | 8 | 11 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Recent)
| First Seen | 2026-05-16 02:53:52 UTC |
| Last Seen | 2026-06-26 14:30:51 UTC |
| Profile Built | 2026-06-14 01:45:32 UTC |
| Data Freshness | Recent |
| Signal Types | 18 |
| Total Observations | 19 |