# THREAT INTELLIGENCE BRIEFING: IP 175.170.144.19/32
Classification: Moderate Risk (Score: 50/100)
Date: Current Assessment
Status: Active Monitoring Recommended
## OWNERSHIP & INFRASTRUCTURE
IP 175.170.144.19/32 is registered to ChinaUnicom Hostmaster (ASN 4837, Organization: UNICOM-LN), allocated from the 175.160.0.0/12 block under APNIC RIR. The IP is classified as a mobile endpoint operated by China Unicom (MCC 460, MNC 01) using LTE/5G technology. The control plane indicates the IP is part of a stable BGP prefix (175.160.0.0/12) with operator score 0.1304 (Minimal).
## GEOLOCATION
Geolocation data indicates origin in Liaoning Province, P.R. China. The consensus accuracy radius is 2500 km. Geovalidation does not consider the location plausible: the probe count is 0, and no violation indicators were raised.
## THREAT PROFILE
- Reputation: Moderate Risk
- Threat Indicators: None explicitly identified
- Known Attacker Status: False
- Spam Source Status: False
- Tor Exit Node: False
- Blacklist Count: 0 (DNSBL: 1 of 8 lists)
- Abuse Confidence: Not scored
- Campaign Association: No matches detected
The IP shows no active threat indicators, is not associated with known malicious campaigns, and has zero explicit threat feed matches. However, one DNSBL listing was detected.
## NETWORK ROLE & SERVICES
The IP is classified as a mobile endpoint with no open services detected. The service purpose is reported as "Firewalled / No Services." No TLS certificates, HTTP banners, or domain associations were observed. Forward-confirmed DNS resolution is false, with zero hosted domains and zero forward hostnames.
## NEIGHBORHOOD CONTEXT
The /24 subnet (175.170.144.0/24) contains 4 total sibling IPs with an abuse density of 0. Risk distribution across the subnet: 2 medium-risk neighbors, 1 low-risk neighbor. Identified neighbors include:
- 175.170.144.16 (Risk: 40, Authority: 50)
- 175.170.144.17 (Risk: 65, Authority: 50)
- 175.170.144.18 (Risk: 25, Authority: 50)
All relationships map to the UNICOM-LN network infrastructure.
## OBSERVATION HISTORY
Eighteen signal observations recorded. Recent activity includes operator score assessments (0.30 confidence), geolocation signals (0.52 confidence, CN), and blacklist listing signals (0.85 confidence, high severity). No persistent malicious behavior detected; threat persistence days: 0.
## RECOMMENDED ACTIONS
Based on the moderate risk profile, the following defensive measures are recommended:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 175.170.144.19 -j DROP
# nftables
nft add rule inet filter input ip saddr 175.170.144.19 drop
```
Application-Level Blocking:
- nginx: `deny 175.170.144.19;`
- pfSense: `175.170.144.19/32`
- Cloudflare WAF: Block with expression `ip.src eq 175.170.144.19`
- AWS WAF: Add `175.170.144.19/32` to address list
## SUMMARY
IP 175.170.144.19/32 represents a moderate-risk mobile endpoint from Chinese telecommunications infrastructure with no active threat indicators. While not currently flagged as malicious, the DNSBL listing and moderate risk score warrant monitoring. The mobile classification and firewalled status suggest limited service exposure. Block or monitor based on organizational risk tolerance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | ChinaUnicom Hostmaster |
| ASN | AS4837 |
| Network Name | UNICOM-LN |
| CIDR Block | 175.160.0.0/12 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Field | Value |
|---|---|
| Open Ports | None detected (0 open / 7 scanned) |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 |
| Server | None |
| HTTP Title | None |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | None |
| Valid Until | None |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness:
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 21% | 9 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Indicators | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-09 22:10:52 UTC |
| Last Seen | 2026-06-26 18:10:47 UTC |
| Profile Built | 2026-06-25 21:18:29 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 15 |