39.152.193.72
IP Intelligence Briefing: 39.152.193.72
Date: 2026-06-18
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Provider: China Mobile (AS56044)
- Geolocation: Beijing, China (CN)
- Network Role: Mobile Carrier (CMNET)
- Threat Indicators:
- Listed in 5/8 DNSBLs (DNS-based blackhole lists).
- No direct malware, phishing, or campaign associations.
- Ownership:
- ASN: 56044 (IRT-CHINAMOBILE-CN).
- Subnet: 39.152.193.72/24.
---
**2. Observation History**
- Recent Activity (2026-06-18):
- Confirmed as part of China Mobile's network with high confidence (0.95).
- Detected 50 "pulses" (potential network activity) linked to unspecified threats.
- Historical Trends:
- No persistent malicious behavior observed (threat persistence days: 0).
- DNSSEC validation is active, but DNSBL listings suggest potential abuse.
---
**3. Relationships**
- Linked Entities:
- Repeatedly associated with CMNET (same network).
- No direct ties to domains, organizations, or certificates.
- Subnet Context:
- Part of 39.152.193.72/24; no neighboring IPs identified (neighborCount: 0).
---
**4. Network Behavior**
- Control Plane:
- BGP prefix: 39.152.192.0/20.
- Route stability: Unstable (isRouteStable: false).
- Services:
- No open ports, TLS certificates, or HTTP services detected.
- No server banners or domain resolution activity.
---
**5. Threat Assessment**
- Risk Flags:
- High risk score despite no direct malicious indicators.
- DNSBL listings may indicate spoofing or abuse.
- Recommendations:
- Monitor traffic from this IP for anomalies (e.g., unexpected DNS queries).
- Verify DNSBL listings with upstream providers.
- Investigate "pulses" for potential network scanning or reconnaissance.
---
Conclusion:
This IP is part of China Mobile's mobile network in Beijing. While it lacks direct malicious indicators, its DNSBL listings and high risk score suggest potential misuse. SOC teams should closely monitor its activity and validate DNSBL context. No immediate blocking recommended unless further suspicious behavior is detected.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-CHINAMOBILE-CN |
| ASN | AS56044 |
| Network Name | CMNET |
| CIDR Block | 39.128.0.0/10 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 19% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:18 UTC |
| Last Seen | 2026-06-26 18:11:17 UTC |
| Profile Built | 2026-06-23 11:52:40 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 22 |
Full dossier details are available via our API.