## Intelligence Briefing: 117.159.93.197/32
Classification: HIGH RISK
Date: 2026-06-22
Analyst: IPDebrief Intelligence Team
---
Executive Summary
IP 117.159.93.197 is classified as High Risk (Score: 80) and operates as a mobile carrier infrastructure endpoint in Zhengzhou, Henan Province, China (ASN 24445, IRT-CHINAMOBILE-CN). The address shows elevated threat indicators including six DNSBL listings across eight total blacklist sources, despite being classified within a "mostly clean" subnet environment. No active services were detected on the endpoint.
---
Technical Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 80/100 |
| **Reputation** | High Risk |
| **Country** | China (CN) |
| **Region** | Henan |
| **City** | Zhengzhou |
| **ASN** | 24445 |
| **Organization** | IRT-CHINAMOBILE-CN |
| **Network Type** | Mobile Carrier |
| **DNSBL Listings** | 6/8 sources |
| **Open Ports** | None detected |
| **Service Purpose** | Firewalled / No Services |
---
Threat Indicators
- DNSBL Presence: The IP is listed on six DNSBL feeds (6 of 8 total lists), indicating prior malicious activity or reputation issues
- No Active Services: No open ports or listening services detected; endpoint appears firewalled
- Mobile Carrier Context: Infrastructure classified as mobile carrier rather than hosting or proxy infrastructure
- No Known Campaigns: No active threat campaigns correlated to this IP
---
Historical Observation (23 Signals)
Recent signal history shows 23 observations spanning 2026-06-17 to 2026-06-22:
- 2026-06-22: DNSSEC, routing, services, ownership, reputation, and geolocation signals collected (6 dimensions)
- 2026-06-17: Subnet abuse density assessment and network classification signals
- Temporal Pattern: Observations indicate transient activity with varying confidence levels (0.23–0.60)
---
Network Relationships
- Network Association: 25 relationships mapped to CMNET (China Mobile Network)
- DNS Associations: 2 hostname associations recorded, showing timeout errors to 192.168.2.108#53 (internal/residential gateway)
- Control Plane: Route stability flagged as false; RPKI state and IRR consistency not validated
---
Neighborhood Analysis (117.159.93.0/24)
- Subnet Classification: Mostly clean
- Abuse Density: 1/255 (low)
- Threat Siblings: 1
- Active Siblings: 1
- Inherited Risk: 2
- Neighbor Count: 0 immediate /24 neighbors
---
Recommended Actions
Based on the High Risk classification and DNSBL presence:
1. Monitor for Outbound Traffic: Despite firewalled status, the IP's risk profile warrants monitoring for outbound connection attempts
2. Review DNSBL Listings: Investigate the 6 DNSBL sources to understand the basis for listings
3. Correlate with CMNET Traffic: Cross-reference with China Mobile network logs for activity patterns
4. Consider Block: Given risk score of 80 and multiple blacklist sources, consider implementing firewall rules to block inbound/outbound traffic
---
Conclusion
IP 117.159.93.197 represents a mobile carrier infrastructure endpoint with elevated risk characteristics primarily driven by DNSBL presence. While no active services were detected, the combination of high risk score, multiple blacklist listings, and mobile carrier context warrants continued monitoring. The subnet shows low abuse density, suggesting this IP may be an isolated high-risk endpoint rather than part of a broader malicious network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | IRT-CHINAMOBILE-CN |
| ASN | AS24445 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Not signed |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:03:33 UTC |
| Last Seen | 2026-06-26 18:10:29 UTC |
| Profile Built | 2026-06-22 10:36:24 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |