# IP Intelligence Briefing: 36.153.28.94
## Executive Summary
IP address 36.153.28.94 is classified as High Risk with a risk score of 80/100. The IP is associated with China Mobile Communications Corporation (CMNET), ASN 56046, and is located in Hohhot, Inner Mongolia, China. While the subnet shows minimal abuse density, this specific IP has been flagged on multiple DNSBL listings and requires immediate monitoring.
## Threat Profile
- Risk Score: 80/100 (High Risk)
- Country: China (CN)
- Region: Hohhot, Inner Mongolia (NM)
- ASN: 56046 (CMNET)
- Organization: haijun li / China Mobile Communications Corporation
- Registration Date: 2011-01-24 (APNIC)
- Network Role: Firewalled / No Services Detected
- Operator Score: 0.1304 (Minimal)
## Network Classification
- Provider Score: 0
- Authority Score: 0
- Stability Label: Not Available
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0 (traditional lists)
- DNSBL Listed: 6 of 8 total lists
- Route Stability: Unstable (isRouteStable: false)
- RPKI State: Not Available
- IRR Consistency: Not Available
## Historical Observation Summary
Analysis of the signal history reveals:
- 20 total observations recorded
- Recent listings show high severity classifications
- ASN 56046 consistently associated with 36.153.28.0/24 prefix
- Operator score labeled "Minimal" across multiple observations
- No persistent malicious activity detected over observation window
## Network Relationships
The IP maintains 26 relationship entries, all classified as "Same Network" relationships with CMNET. This indicates the address is part of a larger Chinese telecommunications infrastructure network with no cross-organizational associations detected.
## Subnet Neighborhood Analysis (36.153.28.0/24)
- Abuse Density: 0 (Clean classification)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 0
- Risk Distribution: No high/medium/low risk neighbors detected
- Classification: Clean subnet with minimal inherited risk
## Recommended Security Actions
### Immediate Actions Required
1. Increase logging verbosity and review recent activity from this IP
2. Block at perimeter - Recommended firewall rules:
```bash
# iptables
iptables -A INPUT -s 36.153.28.94 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 36.153.28.94 drop
# nginx (place inside the relevant server or location block)
deny 36.153.28.94;
# pfSense (entry for an alias referenced by a block rule)
36.153.28.94/32
# Cloudflare WAF (firewall rule object)
{"description":"Block 36.153.28.94 - IPDebrief risk score 80","action":"block","filter":{"expression":"ip.src eq 36.153.28.94"}}
# AWS WAF (IP set addresses)
{"Addresses":["36.153.28.94/32"],"Description":"IPDebrief risk 80"}
```
## Intelligence Assessment
Despite the subnet's clean classification, IP 36.153.28.94 presents an elevated risk profile due to:
- High risk score (80/100)
- Multiple DNSBL listings (6 of 8 total)
- Recent high-severity activity patterns
- Unstable routing configuration
The absence of open services and the firewalled status suggest that the IP may be used for scanning, reconnaissance, or as a temporary endpoint for malicious activity. However, the clean subnet environment and the absence of known campaign correlations reduce the likelihood of coordinated attack activity.
Recommendation: Implement blocking rules immediately while maintaining enhanced logging for forensic analysis. Monitor for any changes in IP behavior or subnet-wide activity patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | haijun li |
| ASN | AS56046 |
| Network Name | CMNET |
| CIDR Block | 36.128.0.0/10 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |

## DNS Hygiene

| Check | Status |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | N/A |
| HTTP Title | N/A |

## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 17% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 30% | 2 | 3 |
| Overall | 20% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:17 UTC |
| Last Seen | 2026-06-26 18:11:15 UTC |
| Profile Built | 2026-06-23 11:18:26 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 21 |