Threat Intelligence Briefing: IP 210.13.99.66/32
Summary:
The IP address 210.13.99.66/32 is registered to yanling ruan under AS9929 (China Unicom) and geolocated to Shanghai, China. Its network role is classified as mobile (LTE/5G). No direct malicious indicators were observed (no malware, phishing, or C2 activity). The IP nevertheless carries a high risk score (80/100); that score is driven by potential network anomalies and an abuse density of 1 reported for its surrounding subnet, not by activity attributed to this host itself.
Key Findings:
1. Network Profile:
- Provider: China Unicom (MCC 460, MNC 01).
- Subnet: 210.13.99.0/24, classified as "mostly_clean" but with inherited risk (score: 2).
- BGP Data: Route origin ASN 9929, no recent route changes (30-day stability).
2. Threat Indicators:
- No direct malicious activity detected (no malware, phishing, or C2 signals).
- DNSSEC validation succeeded, but DNS resolution for the address timed out.
- No TLS certificates or open ports identified.
3. Behavioral Trends:
- Observed on 2026-06-03 with low confidence (0.3 to 0.6) in the threat signals.
- Historical data suggests minimal persistence (0 threat persistence days).
4. Relationships:
- Belongs to the SH-LEIJIESI network allocation (AS9929, Shanghai); it is the IP's own registered block, not a separate related network.
- No active neighbors identified in the subnet.
Recommendations:
- Monitor for changes in DNS resolution behavior or routing for this address.
- Investigate the DNS resolution timeouts; DNSSEC itself validated, so the timeouts point at resolver or zone reachability rather than a signature problem. Review routing policy for the prefix at the same time.
- Correlate with other IPs in the 210.13.96.0/20 prefix for broader network analysis.
Next Steps:
- Use `ipdebrief_actions` to generate firewall rules for further segmentation.
- Validate geolocation accuracy, as coordinates and timezone are unverified.
Risk Level: High (80/100) | Confidence: Low (overall 24%; per-dimension scores range from 15% to 32%, attribution 50%).
*Note: No immediate mitigation actions are required, but continuous monitoring is advised given the high risk score and the unclear network context.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | yanling ruan |
| ASN | AS9929 |
| Network Name | SH-LEIJIESI |
| CIDR Block | 210.13.99.0/25 |
| RIR | APNIC |
| Country | cn |
| Abuse Contact | None listed |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No (no PTR record exists, so there is no hostname to resolve back to this IP; weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
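The FCrDNS status above and the recommendation to correlate with other addresses in 210.13.96.0/20 are both mechanical checks. The following is an added example, not code from the dossier's tooling, showing both: forward-confirmed reverse DNS with the three outcomes that matter (verified, mismatch, and the "no PTR" case that applies to this IP and must not be reported as a failure), plus bucketing of observed addresses by /24 inside the parent prefix. DNS answers come from a constructed in-memory table so the script runs offline; the hostnames, the second and third IPs, and the 203.0.113.9 forward answer are invented. In production the two resolver callables would be swapped for real lookups.

```python
import ipaddress
from collections import defaultdict
from typing import Callable, Dict, Iterable, List, Optional

# Constructed, offline stand-in for DNS answers (not real lookups).
# 210.13.99.66 has no PTR, matching the dossier; the other entries are
# invented to exercise the verified and mismatch paths.
PTR_TABLE: Dict[str, Optional[str]] = {
    "210.13.99.66": None,
    "210.13.99.10": "host10.example.net",
    "210.13.100.5": "mail.example.org",
}
A_TABLE: Dict[str, List[str]] = {
    "host10.example.net": ["210.13.99.10"],
    "mail.example.org": ["203.0.113.9"],  # documentation range; deliberate mismatch
}


def fcrdns(
    ip: str,
    resolve_ptr: Callable[[str], Optional[str]] = PTR_TABLE.get,
    resolve_a: Callable[[str], Optional[List[str]]] = A_TABLE.get,
) -> str:
    """Forward-confirmed reverse DNS.

    Returns "verified" when the PTR name has an address record pointing back
    at `ip`, "mismatch" when it does not, and "no_ptr" when there is no PTR
    at all. The last case is not a failed check: nothing was available to
    confirm, which is why a dossier reports FCrDNS as "Not verified".
    """
    name = resolve_ptr(ip)
    if not name:
        return "no_ptr"
    forward = resolve_a(name.rstrip(".")) or []
    return "verified" if ip in forward else "mismatch"


def correlate(ips: Iterable[str], prefix: str, group_len: int = 24) -> Dict[str, List[str]]:
    """Keep the addresses inside `prefix` and bucket them by /group_len.

    Addresses outside the prefix are dropped. Buckets and members are sorted
    numerically so the output is stable for diffing between runs.
    """
    parent = ipaddress.ip_network(prefix)
    buckets: Dict[ipaddress.IPv4Network, List[ipaddress.IPv4Address]] = defaultdict(list)
    for raw in ips:
        addr = ipaddress.ip_address(raw)
        if addr not in parent:
            continue
        buckets[ipaddress.ip_interface(f"{addr}/{group_len}").network].append(addr)
    return {str(net): [str(a) for a in sorted(members)] for net, members in sorted(buckets.items())}


def in_registered_block(ip: str, cidr: str) -> bool:
    """True when `ip` falls inside the RIR-registered block (210.13.99.0/25 here)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


if __name__ == "__main__":
    # Constructed observation list: the dossier IP, two invented neighbours,
    # and one address outside the /20 that correlate() should discard.
    observed = ["210.13.99.66", "210.13.100.5", "210.13.99.10", "198.51.100.7"]
    for ip in observed:
        print(ip, fcrdns(ip))
    print(correlate(observed, "210.13.96.0/20"))
    print(in_registered_block("210.13.99.66", "210.13.99.0/25"))
```

Keeping "no_ptr" separate from "mismatch" is the point: a mismatch is a weak negative signal about the operator's DNS hygiene, whereas a missing PTR on a mobile-carrier address is the norm and carries almost no signal either way.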
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| (none) | No open ports detected | | |
| Closed: 22, 25, 80, 443, 3389, 8080, 8443 | 0 open / 7 scanned | | |
| Server | None |
| HTTP Title | None |
TLS Certificate
| SANs | None |
| Valid From | None |
| Valid Until | None |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 25% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 21% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-23 07:01:08 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 27 |
Full dossier details are available via our API.