58.18.59.179

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP INTELLIGENCE BRIEFING: 58.18.59.179/32

Classification: Moderate Risk (Score: 40)

Jurisdiction: PRC (China)

Organization: ChinaUnicom Hostmaster (ASN: 4837)

Network: 58.18.0.0/16 (UNICOM-NM)

Date: 2026-06-25

Executive Summary

Target IP 58.18.59.179 is a mobile carrier endpoint operated by ChinaUnicom (LTE/5G) with a moderate risk profile. The IP shows multiple DNS blacklist listings (8 total, 2 with high severity) but no active threat indicators. No open services detected; the endpoint appears firewalled or dormant.

Ownership & Network Classification

AS Number: 4837 (ChinaUnicom Hostmaster)
Network Name: UNICOM-NM
Geolocation: PRC (confidence: 52%, accuracy: ±2,500km)
Connection Type: Mobile broadband (China Unicom LTE/5G)
Carrier: China United Network Communications (MCC: 460, MNC: 01)

Threat Indicators

Risk Score: 40 (Moderate)
Blacklist Count: 8 total listings
Abuse Confidence: Listed on 2 lists with high severity (observed 2026-06-25)
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Campaign Association: None detected
Certificate Matches: 0

Network Behavior

Services: No open ports detected
DNS Resolution: No PTR records; no forward resolution
Email Authentication: No SPF, DMARC, or TXT records configured
Control Plane: DNSSEC valid; CAA records present
Operator Risk Score: 0.2174 (Minimal)
Route Stability: Unstable routing observed

Subnet Analysis (58.18.59.0/24)

Subnet Classification: Clean
Abuse Density: 0%
Neighboring Threats: 0
Active Siblings: 1 (the target IP)

Historical Context

Recent signal observations (2026-06-05 and 2026-06-25) indicate:

Geolocation consistently mapped to CN
DNS blacklist activity present
No observed ownership changes
No persistent malicious behavior flagged

Recommended Actions

Given the moderate risk score and blacklist presence, defensive blocking is recommended:

```bash

# iptables

iptables -A INPUT -s 58.18.59.179 -j DROP

# nftables

nft add rule inet filter input ip saddr 58.18.59.179 drop

# nginx

deny 58.18.59.179;

# Cloudflare WAF

ip.src eq 58.18.59.179 → block

# AWS WAF

Addresses: 58.18.59.179/32

Description: IPDebrief risk 40

```

Intelligence Assessment

The IP represents a mobile carrier endpoint with elevated but not critical risk. Primary concerns stem from DNS blacklist associations rather than active exploitation or command-and-control activity. The mobile carrier classification and lack of open services suggest limited threat potential. Monitor for changes in listing status and service exposure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	HE
City	Shijiazhuang
Timezone	—
Latitude	34.77
Longitude	113.72

🏢 Ownership & Registration

Organization	ChinaUnicom Hostmaster
ASN	AS4837
Network Name	UNICOM-NM
CIDR Block	58.18.0.0/16
RIR	APNIC
Country	CN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	19%	2	2
routing	13%	1	1
services	24%	2	3
ownership	24%	2	3
reputation	13%	1	2
geolocation	19%	2	2
Overall	19%	10	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-10 04:12:11 UTC
Last Seen	2026-06-25 23:22:52 UTC
Profile Built	2026-06-25 23:27:43 UTC
Data Freshness	Live
Signal Types	19
Total Observations	20

🔍 19 signal types · 20 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

58.18.59.179📋 Copy