IP Intelligence Briefing: 36.137.121.41
Date: 2026-06-03
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership:
- ASN: 9808 (CMNET)
- Organization: Haijun Li (China Mobile)
- Geolocation: Beijing, China (Jinrong Ave., Xicheng District)
- Network Role: Mobile (China Mobile LTE/5G)
- Threat Indicators:
- No malicious activity, spam, or known attacker associations.
- DNSBL Listing: 1/8 DNSBLs (low severity).
---
**2. Observation History**
- Latest Signals (30-Day Window):
- No CDN, Tor, VPN, or proxy activity.
- Minimal operator risk score (0.13).
- DNSSEC validation confirmed.
- DNSBL Listings: 1/8 DNSBLs (e.g., Spamhaus, OpenBL, etc.).
- Stability:
- No ownership or threat persistence detected.
- Route stability: 0 changes in 30 days.
---
**3. Relationships**
- Linked Entities:
- Same Network: Multiple CMNET subnets (36.128.0.0/10).
- Mobile Carrier: China Mobile (MCC 460, MNC 00).
- No Known Campaigns or Certificates: No correlated IPs or TLS certificates.
---
**4. Subnet Analysis**
- Subnet: 36.137.121.0/24
- Neighborhood Risk:
- Abuse Density: 0% (clean subnet).
- Active Siblings: 0 (no neighboring IPs reported).
- Classification: Low-risk, no malicious activity detected.
---
**5. Recommendations**
- Monitor DNSBL Status: Investigate the single DNSBL listing (e.g., Spamhaus) for potential false positives or evolving threats.
- Verify Mobile Activity: Confirm China Mobileβs LTE/5G infrastructure legitimacy, as mobile IPs often have transient risk profiles.
- Subnet-Wide Checks: Since the subnet is clean, focus on isolating this IP if it exhibits unexpected behavior (e.g., DNS changes, port opens).
Conclusion: 36.137.121.41 is a low-risk mobile IP under China Mobileβs CMNET, with no direct malicious indicators. The DNSBL listing warrants further investigation, but the subnet remains clean. No immediate action required unless new threats emerge.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | haijun li |
| ASN | AS9808 |
| Network Name | CMNET |
| CIDR Block | 36.128.0.0/10 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 21% | 1 | 2 |
| services | 18% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 27% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:17 UTC |
| Last Seen | 2026-06-23 10:55:54 UTC |
| Profile Built | 2026-06-23 10:58:15 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.