222.222.124.164
IP Intelligence Briefing: 222.222.124.164
*Generated using IPDebrief tools: Profile, History, Relationships, and Neighborhood Analysis*
---
**Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
- ASN: 4134 (Chinanet Hostmaster)
- Organization: China Telecom
- Geolocation: Baoding, Hebei, China (latitude: 38.8729, longitude: 115.4625)
- Network Role: Mobile LTE/5G (China Telecom)
- Threat Indicators:
- 6 DNSBL listings (abuse confidence score: 0.13)
- No open ports, no TLS/HTTP services, no known campaigns
- Mobile Carrier: China Telecom (MCC: 460, MNC: 03)
---
**Observation History**
- Recent Activity (June 2β7, 2026):
- Consistent geolocation in Baoding, China.
- DNSBL listings increased from 6 to 8 in 3 days.
- Operator score remains low (0.13), indicating potential abuse.
- Stability: Unstable routing (route changes in last 30 days).
---
**Relationships**
- Network Links:
- Same network: CHINANET-HE (China Telecom)
- Repeated DNS associations with `164.124.222.222.broad.lf.he.dynamic.163data.com.cn` (dynamic IP, likely residential/mobile).
- No Linked Threat Entities: No malware campaigns, domains, or certificates associated.
---
**Neighborhood Analysis**
- Subnet: 222.222.124.0/24
- Abuse Density: 1 (mostly clean, but low threshold).
- Neighbors: 0 active IPs in subnet (no sibling IPs observed).
---
**Actionable Insights**
1. Monitor DNSBL Listings: The IP is listed on 8 DNSBLs (6 confirmed). Investigate if this is a compromised device or misconfigured network.
2. Check Mobile Network Context: China Telecomβs LTE/5G IP range often includes residential/mobile users. Verify if this IP is associated with known malicious mobile activity.
3. Block/Restrict Traffic: Given the high risk score and DNSBL listings, consider blocking traffic from this IP or adding it to firewall rules (e.g., iptables, Cloudflare WAF).
4. Validate Geolocation: While geolocation matches China, the IPβs dynamic nature (DNS hostname) suggests potential spoofing or misattribution. Cross-check with other sources.
---
*Generated by IPDebrief. All data sourced from public threat intelligence and network telemetry.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Chinanet Hostmaster |
| ASN | AS4134 |
| Network Name | CHINANET-HE |
| CIDR Block | 222.222.0.0/15 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 164.124.222.222.broad.lf.he.dynamic.163data.com.cn |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 164.124.222.222.broad.lf.he.dynamic.163data.com.cn |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 32% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-14 07:14:23 UTC |
| Last Seen | 2026-06-26 18:11:10 UTC |
| Profile Built | 2026-06-07 04:00:11 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 19 |
Full dossier details are available via our API.