112.26.99.93
# IP Intelligence Briefing: 112.26.99.93/32
Date: 2026-06-22
Classification: High Risk / Monitor
Risk Score: 80/100
---
## Executive Summary
IP address 112.26.99.93/32 is associated with China Mobile LTE/5G mobile network infrastructure originating from Hefei, China (ASN 9808, CMNET). The IP exhibits an elevated risk profile (80/100) despite showing minimal direct threat indicators. Recommended action: implement monitoring and consider blocking based on operational requirements.
---
## Ownership & Classification
| Attribute | Value |
|---|---|
| Organization | haijun li |
| Netname | CMNET |
| ASN | 9808 |
| Country | CN (China) |
| City | Hefei |
| Mobile Carrier | China Mobile (MCC 460, MNC 00) |
| Technology | LTE/5G |
| Registration | APNIC |
| CIDR Block | 112.0.0.0/10 |
Network Role: Mobile device with no open services. Classification indicates firewalled/no services detected.
---
## Threat Assessment
Risk Indicators:
- Risk Score: 80/100 (High Risk)
- Operator Score: 0.1304 (Minimal)
- DNSBL Listings: 4 of 8 total lists
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None
Threat Profile: No direct evidence of known attacker status, spam source, or Tor exit node activity.
---
## Observation History
19 total observations recorded. Key timeline:
- 2026-06-17: Multiple signals detected including DNSBL listings (5 of 8 lists with "high" severity rating)
- 2026-06-22: Recent signals show operator score 0.1304 (Minimal), geolocation inference confirming China with 52% confidence
No persistent malicious behavior detected. Threat observation count: 1.
---
## Neighborhood Analysis
Subnet: 112.26.99.93/24
- Abuse Density: 0
- Classification: mostly_clean
- Active Siblings: 1
- Threat Siblings: 0
The IP resides in a subnet with minimal abuse activity. No correlated threat siblings detected within the /24.
---
## Relationships
18 relationship entries identified, all classified as "Same Network" (CMNET). No external infrastructure associations detected.
---
## Recommended Actions
Immediate:
1. Monitor: Increase logging verbosity for this IP source
2. Block: Consider implementing firewall rules based on risk profile
Firewall Rules Provided:
- iptables: `iptables -A INPUT -s 112.26.99.93 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 112.26.99.93 drop`
- nginx: `deny 112.26.99.93;`
- pfSense: `112.26.99.93/32`
- Cloudflare WAF: Block with expression `ip.src eq 112.26.99.93`
- AWS WAF: Add `112.26.99.93/32` to IPSet
---
## Intelligence Assessment
The elevated risk score (80/100) conflicts with minimal direct threat indicators and clean neighborhood metrics. This discrepancy may stem from historical association patterns or DNSBL reputation. The IP is classified as a mobile residential device rather than infrastructure, reducing likelihood of coordinated attack activity.
Recommended SOC Action: Monitor for anomalous behavior patterns. If the IP exhibits malicious activity (port scanning, brute force attempts, data exfiltration), implement blocking rules. Otherwise, maintain logging oversight for potential correlation with other threat indicators.
---
*Generated by IPDebrief Intelligence Platform. All data sourced from IPDebrief tools.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | haijun li |
| ASN | AS9808 |
| Network Name | CMNET |
| CIDR Block | 112.0.0.0/10 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-26 18:10:25 UTC |
| Profile Built | 2026-06-22 09:37:15 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.