220.161.52.149
IP Intelligence Briefing: 220.161.52.149/32
Date: 2026-06-03
---
**1. Risk Profile**
- Risk Score: 80/100 (High Risk)
- Provider: China Telecom (ASN 4134)
- Geolocation: Fujian, China (Zhangzhou; coordinates unspecified)
- Network Role: Mobile (LTE/5G) | No services detected | Firewalled
- Threat Indicators: No direct malicious activity detected (no DNS, TLS, or service anomalies).
---
**2. Ownership & Infrastructure**
- Organization: China Telecom Corp. Ltd. (APNIC registered)
- Subnet: 220.161.52.149/24 | Abuse Density: 1 (low)
- Mobile Carrier: China Telecom | Technology: LTE/5G
- Network Classification: "Mostly Clean" subnet with minimal risk inheritance.
---
**3. Threat Observations**
- Historical Signals:
- 5/8 lists in DNSBLs (moderate confidence).
- No spam, attacker, or Tor exit node associations.
- Stable geolocation inferred (Zhangzhou, Fujian).
- No Recent Threat Activity: No observed scans, DNS changes, or service anomalies.
---
**4. Network Relationships**
- Shared Network: CHINANET-FJ (China Telecom) | No correlated IPs detected.
- Subnet Neighbors: No active siblings in 220.161.52.149/24.
---
**5. Recommended Actions**
- Block/Restrict:
- Firewall Rules:
```bash
iptables -A INPUT -s 220.161.52.149 -j DROP
nft add rule inet filter input ip saddr 220.161.52.149 drop
```
- WAF/Cloud: Add to Cloudflare/AWS WAF rules (see tool response).
- Monitoring: Increase logging verbosity for this IP due to elevated risk score.
---
**6. Summary**
The IP is part of China Telecom's mobile network in Fujian, China, with no direct malicious indicators. While the subnet has low abuse density, the high risk score (80) and mobile infrastructure suggest potential for targeted attacks. Block or monitor based on organizational risk tolerance. No immediate action required for known threats, but ongoing surveillance is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Chinanet Hostmaster |
| ASN | AS4134 |
| Network Name | CHINANET-FJ |
| CIDR Block | 220.162.0.0/16 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 24% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 20% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:13 UTC |
| Last Seen | 2026-06-26 18:11:09 UTC |
| Profile Built | 2026-06-23 08:24:37 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 19 |
Full dossier details are available via our API.