IP Intelligence Briefing: 39.181.37.144
Date: 2026-06-09
---
**1. Overview**
- Risk Score: Moderate (50/100)
- Provider: China Mobile (IRT-CHINAMOBILE-CN, ASN 56041)
- Geolocation: Beijing, China (34.77°N, 113.72°E)
- Network Role: Unknown (no active services, firewalled)
- Threat Indicators: No direct malicious activity detected.
---
**2. Ownership & Infrastructure**
- ASN: 56041 (CMNET, China Mobile)
- Subnet: 39.128.0.0/10 (APNIC-registered)
- Network Classification: Residential/Enterprise (no clear CDN/VPN/hosting indicators)
- DNS: No PTR records or domain associations.
---
**3. Threat & Risk Observations**
- DNSBL Listings:
- Flagged in 8 DNSBLs (high severity in 1).
- No recent abuse reports or spam activity.
- BGP Analysis:
- Route stability: Unstable (routeChanges30d = 0, isRouteStable = false).
- RPKI valid, no route hijack detected.
- Historical Activity:
- 13 observations since 2026-06-02.
- Last notable event: DNSBL listing (confidence 0.85).
---
**4. Network Relationships**
- Subnet: 39.181.37.144/24
- Neighbors (4 IPs):
- 39.181.37.145: Moderate risk (50/100).
- 39.181.37.173: Low risk (25/100).
- 39.181.37.180: Moderate risk (50/100).
- 39.181.37.182: Minimal risk (0/100).
- Subnet Abuse Density: 0% (no malicious IPs in the subnet).
---
**5. Actionable Intelligence**
- SOC Recommendations:
- Monitor for unexpected traffic patterns or DNSBL re-listings.
- Verify if the IP is part of a larger network compromise (e.g., compromised China Mobile subnet).
- Consider blocking DNSBL-listed IPs in the subnet (e.g., 39.181.37.145).
- Firewall Rules:
- Temporarily block 39.181.37.144/24 to investigate potential lateral movement.
- Whitelist China Mobile's ASN (56041) if the IP is part of legitimate infrastructure.
---
Conclusion:
The IP is owned by a major Chinese ISP and shows no direct malicious activity. However, its association with DNSBL listings and unstable routing warrants closer monitoring. SOC teams should prioritize validating the IP's role in the network and investigate potential upstream compromises.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-CHINAMOBILE-CN |
| ASN | AS56041 |
| Network Name | CMNET |
| CIDR Block | 39.128.0.0/10 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 13% | 6 | 7 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 09:13:07 UTC |
| Last Seen | 2026-06-09 20:41:29 UTC |
| Profile Built | 2026-06-09 20:56:52 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |