183.239.20.236

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# THREAT INTELLIGENCE BRIEFING

Target IP: 183.239.20.236/32

Classification: HIGH RISK

Report Date: Current Analysis

## EXECUTIVE SUMMARY

IP 183.239.20.236 is classified as HIGH RISK with a risk score of 80. The address is associated with China Mobile's LTE/5G mobile network infrastructure and operates within the CMNET network (ASN 9808). Recent observation data indicates active blacklist presence with high-severity listings.

## NETWORK ATTRIBUTES

Attribute	Value
ASN	9808
Organization	haijun li / CMNET
RIR	APNIC
Country	China (CN)
Region	Jinrong Ave., Xicheng District, Beijing
Connection Type	Mobile (China Mobile LTE/5G)
Service State	Firewalled / No Services

## THREAT INDICATORS

Risk Score: 80 (High Risk)
DNSBL Listings: 6 of 8 total lists
Abuse Confidence Score: Listed on threat feeds
Tor Exit Node: No
Known Attacker Status: Not flagged
Spam Source: No

## OBSERVATION HISTORY

Analysis of 19 historical observations reveals:

Latest Signal (2026-06-25): High-severity blacklist listings detected with 8 total listings and maximum severity level "high"
Route Stability: Inconsistent BGP routing (isRouteStable: false)
DNSSEC Validation: Valid
Geographic Confidence: 52% confidence in China location via multi-signal inference

## NETWORK CONTEXT

The IP resides within the 183.239.20.236/24 subnet. Relationship analysis shows 17 connections to the CMNET network infrastructure. The subnet classification indicates "mostly_clean" with inherited risk score of 2, though the individual IP maintains a high-risk profile due to blacklist activity.

## RECOMMENDED ACTIONS

1. Block at perimeter - Implement iptables/nftables DROP rule for this IP

2. Monitor DNS queries - Track any DNS resolution attempts to this address

3. Review firewall logs - Check for any connection attempts from or to this IP

4. Update threat intelligence feeds - Ensure blacklist data is current for this IP

## ANALYST NOTES

This IP represents a mobile network endpoint with active threat intelligence flags. The high risk score combined with multiple blacklist listings warrants defensive blocking. The China Mobile association and Beijing geographic attribution suggest legitimate mobile infrastructure, but the blacklist presence indicates compromise or abuse activity. No open services detected suggests either proper firewall configuration or non-service endpoints.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	Jinrong Ave., Xicheng District, Beijing,
City	29
Timezone	—
Latitude	34.77
Longitude	113.72

🏢 Ownership & Registration

Organization	haijun li
ASN	AS9808
Network Name	CMNET
CIDR Block	183.192.0.0/10
RIR	APNIC
Country	CN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	43%	2	6
routing	13%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	26%	1	3
geolocation	33%	2	3
Overall	26%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Fresh

First Seen	2026-05-08 05:01:55 UTC
Last Seen	2026-06-26 02:15:06 UTC
Profile Built	2026-06-26 05:36:46 UTC
Data Freshness	Fresh
Signal Types	19
Total Observations	20

🔍 19 signal types · 20 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

183.239.20.236📋 Copy