## IP INTELLIGENCE BRIEFING: 58.18.59.179/32
Classification: Moderate Risk (Score: 40)
Jurisdiction: PRC (China)
Organization: ChinaUnicom Hostmaster (ASN: 4837)
Network: 58.18.0.0/16 (UNICOM-NM)
Date: 2026-06-25
Executive Summary
Target IP 58.18.59.179 is a mobile carrier endpoint operated by ChinaUnicom (LTE/5G) with a moderate risk profile. The IP shows multiple DNS blacklist listings (8 total, 2 with high severity) but no active threat indicators. No open services detected; the endpoint appears firewalled or dormant.
Ownership & Network Classification
- AS Number: 4837 (ChinaUnicom Hostmaster)
- Network Name: UNICOM-NM
- Geolocation: PRC (confidence: 52%, accuracy: ±2,500km)
- Connection Type: Mobile broadband (China Unicom LTE/5G)
- Carrier: China United Network Communications (MCC: 460, MNC: 01)
Threat Indicators
- Risk Score: 40 (Moderate)
- Blacklist Count: 8 total listings
- Abuse Confidence: Listed on 2 lists with high severity (observed 2026-06-25)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Association: None detected
- Certificate Matches: 0
Network Behavior
- Services: No open ports detected
- DNS Resolution: No PTR records; no forward resolution
- Email Authentication: No SPF, DMARC, or TXT records configured
- Control Plane: DNSSEC valid; CAA records present
- Operator Risk Score: 0.2174 (Minimal)
- Route Stability: Unstable routing observed
Subnet Analysis (58.18.59.0/24)
- Subnet Classification: Clean
- Abuse Density: 0%
- Neighboring Threats: 0
- Active Siblings: 1 (the target IP)
Historical Context
Recent signal observations (2026-06-05 and 2026-06-25) indicate:
- Geolocation consistently mapped to CN
- DNS blacklist activity present
- No observed ownership changes
- No persistent malicious behavior flagged
Recommended Actions
Given the moderate risk score and blacklist presence, defensive blocking is recommended:
```bash
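# iptables: append a DROP rule for this source to the INPUT chain
iptables -A INPUT -s 58.18.59.179 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 58.18.59.179 drop
# nginx: directive for an http, server, or location block (not a shell command)
deny 58.18.59.179;
# Cloudflare WAF: custom rule expression, with the rule action set to Block
ip.src eq 58.18.59.179 → block
# AWS WAF: IP set entry (fields, not a shell command)
Addresses: 58.18.59.179/32
Description: IPDebrief risk 40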
```
Intelligence Assessment
The IP represents a mobile carrier endpoint with elevated but not critical risk. Primary concerns stem from DNS blacklist associations rather than active exploitation or command-and-control activity. The mobile carrier classification and lack of open services suggest limited threat potential. Monitor for changes in listing status and service exposure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | ChinaUnicom Hostmaster |
| ASN | AS4837 |
| Network Name | UNICOM-NM |
| CIDR Block | 58.18.0.0/16 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-10 04:12:11 UTC |
| Last Seen | 2026-06-25 23:22:52 UTC |
| Profile Built | 2026-06-25 23:27:43 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |