## Intelligence Briefing: IP 49.77.89.3/32
Date: 2026-06-23
Classification: Low Risk / Minimal Threat
Prepared For: SOC Analyst Team
---
Executive Summary
IP address 49.77.89.3 is associated with CHINANET-JS (China Telecom) infrastructure in Nanjing, China. The IP presents a low-risk profile (risk score: 25) with no active threat indicators, no open services, and minimal operator classification. Historical data shows one threat observation event in mid-June 2026. The IP operates on a mobile connection (China Telecom LTE/5G) and is firewalled with no accessible services.
---
Network Profile
| Attribute | Value |
|---|---|
| **IP Address** | 49.77.89.3/32 |
| **ASN** | 4134 |
| **Organization** | CHINANET-JS Hostmaster |
| **Network Name** | CHINANET-JS |
| **CIDR Block** | 49.64.0.0/11 |
| **RIR** | APNIC |
| **Country** | China (CN) |
| **Region/City** | Jiangsu, Nanjing |
| **Mobile Carrier** | China Telecom (MCC: 460, MNC: 03) |
| **Connection Tech** | LTE/5G |
---
Threat Assessment
- Risk Score: 25 (Low Risk)
- Provider Score: 0
- Authority Score: 0
- Operator Score: 0.1304 (Minimal)
- Threat Indicators: None active
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Campaign Matches: 0
---
Network Classification
- Infrastructure Type: Mobile Connection
- Open Ports: None detected
- TLS Certificates: None
- HTTP Services: None (Firewalled / No Services)
- Cloud/CDN/VPN/Proxy: No
- Hosting Service: No
---
Geolocation & Validation
- Geo Location Confidence: Plausible (single source, 2500km accuracy)
- Coordinates: 35.86°N, 104.2°E
- Validation Status: ICMP blocked - unable to validate
- Minimum Possible RTT: 171.1ms
---
Control Plane Data
- BGP Prefix: 49.64.0.0/11
- Route Changes (30d): 0
- Route Stability: False
- DNSSEC Valid: Yes
- DNSBL Listings: 0/8 lists
- MoAS: No
---
Subnet Neighborhood (49.77.89.0/24)
- Abuse Density: 0 (Low)
- Classification: Mostly Clean
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- High Risk Neighbors: 0
- Medium Risk Neighbors: 0
---
Historical Observations
Total Signals: 19 observations tracked
Recent Activity:
- 2026-06-23: Minimal operator score (0), no threat signals
- 2026-06-18: One listing detected across 8 threat feeds (max severity: High)
- 2026-06-18: Geolocation signal confirmed (China)
Threat Persistence: 1 threat observation event
Persistence Label: Not Persistently Malicious
---
Relationships & Campaigns
- Same Network Relationships: 16 entities (CHINANET-JS infrastructure)
- Campaign Likelihood: None
- Correlated IPs: 0
- Certificate Matches: 0
---
Recommended Actions
Current Status: No specific firewall rules recommended
- Risk score (25) falls below typical block thresholds
- No active threat indicators detected
- Mobile connection with no exposed services
Monitoring Recommendations:
1. Maintain baseline monitoring due to mobile carrier association
2. Monitor for emergence of services on previously firewalled IP
3. Watch for subnet-level threat activity (1 threat sibling in /24)
4. Review threat history if similar IPs exhibit malicious behavior
---
Conclusion
IP 49.77.89.3 is a mobile-residential IP from China Telecom's Nanjing infrastructure. While current threat indicators are minimal, the presence of one threat sibling in the /24 subnet warrants continued observation. No immediate blocking action is recommended based on current risk profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | CHINANET-JS Hostmaster |
| ASN | AS4134 |
| Network Name | CHINANET-JS |
| CIDR Block | 49.64.0.0/11 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:24 UTC |
| Last Seen | 2026-06-23 15:19:37 UTC |
| Profile Built | 2026-06-23 15:26:22 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |