IP INTELLIGENCE BRIEFING: 49.158.208.139/32
SIGNAL SUMMARY
The IP address 49.158.208.139 is associated with Evans Lin (UBBNET-NET), ASN 24164, based in Taiwan (Yilan). Risk scoring indicates a High Risk classification (score: 80/100).
NETWORK CLASSIFICATION
- Provider: Evans Lin / UBBNET-NET (APNIC RIR)
- CIDR Block: 49.158.208.0/21
- Network Role: Firewalled / No Services
- DNS Configuration: Reverse DNS resolves to 49-158-208-139.dynamic.elinx.com.tw
- Open Services: None detected
- Network Stability: Route instability observed (isRouteStable: false)
THREAT INDICATORS
- DNSBL Listings: 4 out of 8 total blacklist listings detected
- Abuse Confidence: Listed on multiple threat feeds
- Known Attacker Status: Not explicitly flagged
- Tor Exit/Proxy: Negative (not Tor exit, not proxy, not CDN)
- Campaign Correlation: No known campaign matches
- Threat Persistence: Single threat observation recorded
TEMPORAL ANALYSIS
Historical data shows 19 observations. Notable events:
- 2026-06-17: IP listed on 4 DNSBLs with maximum severity rating (HIGH)
- 2026-06-05: Network classification verification
- 2026-06-25: Recent operator score recorded as Minimal (0)
NEIGHBORHOOD ASSESSMENT
- Subnet: 49.158.208.139/24
- Abuse Density: 1 (elevated compared to subnet average)
- Threat Siblings: 1 detected in /24
- Active Siblings: 0 currently active
- Classification: Mostly clean subnet with isolated threat indicator
RELATIONSHIP MAPPING
- 52 relationships identified, all mapped to UBBNET-NET network
- No hostname, organization, or certificate relationships beyond network assignment
- No correlated IPs detected in threat campaigns
RECOMMENDED ACTIONS
1. Monitoring: Place IP on enhanced monitoring due to DNSBL listings and high risk score
2. Firewall Rules: Consider blocking inbound traffic from this IP at perimeter
3. Threat Intel Integration: Add to blocklist due to DNSBL presence
4. Contextual Investigation: Review other /24 addresses for potential lateral threat activity
INTELLIGENCE NOTE
Despite firewalled status (no open services), the IP maintains a High Risk profile with active blacklist presence. The combination of DNSBL listings and elevated risk score suggests potential for outbound-based threats or abuse despite lack of inbound service exposure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Evans Lin |
| ASN | AS24164 |
| Network Name | UBBNET-NET |
| CIDR Block | 49.158.208.0/21 |
| RIR | APNIC |
| Country | TW |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 49-158-208-139.dynamic.elinx.com.tw |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 49-158-208-139.dynamic.elinx.com.tw |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 15% | 2 | 2 |
| reputation | 26% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 21% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-08 17:18:07 UTC |
| Last Seen | 2026-06-26 18:11:24 UTC |
| Profile Built | 2026-06-26 18:20:59 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |
Full dossier details are available via our API.