# IP Intelligence Briefing: 221.215.144.203/32
## Executive Summary
IP address 221.215.144.203/32 is a mobile carrier endpoint from China Unicom (AS4837) located in Qingdao, Shandong, China. The IP presents low risk (score: 25) with no active services detected and a clean neighborhood profile. Recent historical observations indicate transient threat indicators but no persistent malicious activity.
## Network Classification & Ownership
- ASN: 4837 (China Unicom China169 Backbone)
- Organization: ChinaUnicom Hostmaster
- Network Name: UNICOM-SD
- CIDR Block: 221.214.0.0/15
- RIR: APNIC
- Country: China (CN)
- Region: Shandong (SD)
- City: Qingdao
- Registration Date: Not available
## Connection Type & Services
- Connection Type: Mobile Carrier (China Unicom, MCC: 460, MNC: 01)
- Technology: LTE/5G
- Network Role: Firewalled / No Services
- Open Ports: None detected
- Active Services: None
- TLS Certificates: None
## Threat Assessment
- Overall Risk Score: 25 (Low Risk)
- Reputation: Low Risk
- Threat Indicators: None active
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Status: 0 entries (0/8 DNSBL lists)
- Known Campaigns: None detected
- Abuse Confidence Score: Not available
## Neighborhood Analysis
- Subnet: 221.215.144.203/24
- Abuse Density: 0 (Clean)
- Classification: Clean
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 0
- Risk Distribution: High: 0, Medium: 0, Low: 0
## Historical Observations
Total: 16 observations recorded
Recent Activity:
- 2026-06-26: Threat indicators observed with 0.75 confidence from AlienVault OTX, associated with Qingdao region
- 2026-06-06: Multiple baseline observations showing:
  - Geo validation: ICMP blocked, unable to validate
  - Abuse density: 0 (clean)
  - Classification: clean
  - Operator score: 0.1304 (Minimal)
  - Minimum possible RTT: ~165ms
Trend Analysis: No persistent malicious activity detected. The IP shows transient threat indicators but maintains a clean historical abuse profile.
## Control Plane Data
- Origin ASN: 4837
- BGP Prefix: 221.214.0.0/15
- Route Stability: Not stable
- RPKI State: Not available
- IRR Consistency: Not available
- Route Changes (30d): 0
- DNSSEC Valid: True
- Has CAA: False
## DNS Analysis
- PTR Hostnames: None
- Forward Resolution: False
- Hosted Domains: None
- Email Authentication: None (No SPF, No DMARC, No TXT records)
- Forward Resolution Count: 0
- Forward Hostnames: None
## Related Entities
- Network Relationships: 15 relationships identified, all pointing to UNICOM-SD network
- Additional Hostnames: None detected
- Other Organizations: None beyond China Unicom
## Recommended Actions
Based on the low-risk profile and mobile carrier classification:
- Classification: Monitor but no immediate blocking recommended
- Context: Mobile carrier IPs are often legitimate endpoints for IoT devices, mobile users, and carrier infrastructure
- Action: Allow traffic with standard rate limiting; monitor for behavioral anomalies
## Conclusion
IP 221.215.144.203/32 is a legitimate mobile carrier endpoint from China Unicom with minimal threat indicators. The absence of open services, clean neighborhood profile, and low abuse density support routine traffic handling. The transient threat indicator from June 26, 2026 warrants monitoring but does not justify immediate blocking or escalation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | ChinaUnicom Hostmaster |
| ASN | AS4837 |
| Network Name | UNICOM-SD |
| CIDR Block | 221.214.0.0/15 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 0% (None) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Not signed |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 15% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 18% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-11 21:10:58 UTC |
| Last Seen | 2026-06-26 12:30:48 UTC |
| Profile Built | 2026-06-26 12:39:01 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 17 |