# IP Intelligence Briefing: 36.163.199.22/32
Classification: Low Risk | Risk Score: 25 | Report Date: Current
---
## Executive Summary
IP address 36.163.199.22 is a low-risk residential mobile endpoint associated with China Mobile's network infrastructure in Beijing. The IP demonstrates no active threat indicators, no known malicious activity, and a clean neighborhood profile. No immediate blocking or mitigation action is required based on current risk assessment.
---
## Network Profile
| Attribute | Value |
|---|---|
| **IP Address** | 36.163.199.22/32 |
| **ASN** | 9808 |
| **Organization** | haijun li |
| **Netname** | CMNET |
| **RIR** | APNIC |
| **Country** | CN (China) |
| **City/Region** | Jinrong Ave., Xicheng District, Beijing |
| **Mobile Carrier** | China Mobile (MCC 460, MNC 00) |
| **Connection Type** | LTE/5G Mobile |
| **Classification** | Residential Mobile |
---
## Risk Assessment
### Current Risk Indicators
- Overall Risk Score: 25 (Low Risk)
- Reputation Status: Low Risk
- Abuse Confidence Score: N/A
- Blacklist Status: Not listed (0 blacklists)
- Known Campaigns: None identified
### Service Status
- Open Ports: None detected
- DNS Records: None
- Email Authentication: Not configured (no SPF/DMARC)
- Web Services: Firewalled / No services responding
- TLS Certificates: None
---
## Threat Intelligence
### Active Threat Indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Threat Feeds: None active
- Campaign Associations: None
### Network Behavior
- Provider Risk Score: 0
- Authority Risk Score: 0
- Operator Score: 0.1304 (Minimal)
- Route Stability: Unstable
- DNSSEC Validation: Valid
- BGP Prefix: 36.163.128.0/17
---
## Historical Analysis
### Observation Timeline
- Total Observations: 48 signals over monitoring period
- Recent Activity: June 24-25, 2026
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
### Signal Types Observed
- Blacklist listings (8 total lists, 0 current listings)
- Geolocation validation signals
- Operator risk assessments
- Routing and service probes

Temporal Trend: No significant escalation in risk profile. Consistent low-risk classification across observation window.
---
## Neighborhood Analysis (36.163.199.0/24)
| Metric | Value |
|---|---|
| **Subnet Classification** | Clean |
| **Abuse Density** | 0.00 |
| **Total Siblings** | 1 |
| **Active Siblings** | 1 |
| **Threat Siblings** | 0 |
| **High Risk Neighbors** | 0 |
| **Medium Risk Neighbors** | 0 |
| **Low Risk Neighbors** | 0 |

Assessment: The /24 subnet shows no abuse activity. No neighboring IPs flagged as malicious or suspicious.
---
## Relationship Graph
### Connected Entities
- Network Classifications: CMNET (multiple associations)
- Related Organizations: haijun li
- Certificate Associations: None
- Hostname Associations: None

No additional external relationships beyond network classification detected.
---
## Recommended Actions
Current Risk Level: Low
Security Recommendations:
- No immediate firewall rules or blocking required
- Monitor for any changes in service status or risk profile
- Standard logging and monitoring practices sufficient
- No special handling for mobile endpoints

Rule Generation: No specific firewall rules generated based on risk assessment.
---
## SOC Analyst Notes
This IP represents a legitimate residential mobile connection from China Mobile's Beijing network infrastructure. The low risk score (25), absence of threat indicators, and clean neighborhood profile support continued monitoring without intervention. No correlation to known attack campaigns or malicious infrastructure was identified.
Priority: Low | Action: Monitor | Review Period: 30 days
---
*Intelligence generated from IPDebrief threat analysis platform. Data accuracy subject to real-time network conditions and observation windows.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | haijun li |
| ASN | AS9808 |
| Network Name | CMNET |
| CIDR Block | 36.128.0.0/10 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 46% | 2 | 6 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 28% | 10 | 18 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Checks listed: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-08 05:02:14 UTC |
| Last Seen | 2026-06-26 18:11:15 UTC |
| Profile Built | 2026-06-25 21:25:10 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 48 |