60.212.0.13

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP INTELLIGENCE BRIEFING: 60.212.0.13/32

Classification: HIGH RISK – Immediate Review Recommended

---

EXECUTIVE SUMMARY

IP 60.212.0.13 presents a HIGH RISK profile (Risk Score: 80/100) with evidence of active blacklist listings and mobile carrier association. The IP is assigned to ChinaUnicom (AS4837) infrastructure in Shandong, China, and is currently classified with firewalled/no active services. Immediate monitoring and defensive controls are recommended.

---

OWNERSHIP & INFRASTRUCTURE

ASN: 4837 (ChinaUnicom Hostmaster)
Organization: UNICOM-SD (China Unicom)
Network Block: 60.216.0.0/15
Geolocation: China (CN), Shandong Province, Qingdao City
RIR: APNIC
Mobile Carrier: China Unicom (MCC: 460, MNC: 01) – LTE/5G connection

---

RISK INDICATORS

Overall Risk Score: 80/100 (High Risk)
DNSBL Listings: 4 of 8 total blacklists (Maximum Severity: High)
Abuse Confidence Score: Not available
Network Classification: Firewalled / No Services
Known Attacker: False
Tor Exit Node: False
Spam Source: False

---

THREAT OBSERVATIONS

Observation Count: 17 signals recorded
Most Recent Activity: June 23, 2026 – Multiple blacklist listings detected with high severity
Threat Persistence: Low (single threat observation)
Campaign Correlation: None identified
Control Plane: Route unstable, origin ASN 4837, BGP prefix 60.208.0.0/13

---

NETWORK NEIGHBORHOOD (60.212.0.13/24)

Subnet Classification: Mostly Clean
Abuse Density: Low (0.1304 operator score)
Threat Siblings: 1 identified
Inherited Risk: 2/100
Total Siblings: 1 active

---

RELATIONSHIP ANALYSIS

19 relationships identified, all mapping to UNICOM-SD network infrastructure
No certificate or hostname associations detected
No correlated IP addresses across campaigns

---

RECOMMENDED ACTIONS

IMMEDIATE:

1. Firewall Rule Deployment: Block inbound traffic from 60.212.0.13/32

- iptables: `iptables -A INPUT -s 60.212.0.13 -j DROP`

- nftables: `nft add rule inet filter input ip saddr 60.212.0.13 drop`

- Cloudflare WAF: Block with expression `ip.src eq 60.212.0.13`

- AWS WAF: Add to allowlist deny list `60.212.0.13/32`

2. Enhanced Logging: Increase verbosity for all traffic involving this IP address. Monitor for connection attempts and scan activity.

3. Correlation Check: Review all traffic from 60.212.0.0.0/16 subnet for coordinated activity patterns.

---

THREAT CONTEXT

The IP's high risk score correlates with multiple blacklist listings detected in recent observations. The mobile carrier classification suggests the IP may be used for mobile device communication or IoT devices. The absence of open services indicates either passive scanning or active firewall blocking.

---

MONITORING PRIORITY: CRITICAL

Last Updated: Current briefing based on latest available intelligence

*Recommendations are probabilistic and should be validated against internal threat intelligence before enforcement.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	Shandong
City	Qingdao
Timezone	—
Latitude	36.06
Longitude	120.38

🏢 Ownership & Registration

Organization	ChinaUnicom Hostmaster
ASN	AS4837
Network Name	UNICOM-SD
CIDR Block	60.216.0.0/15
RIR	APNIC
Country	CN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	18%	2	2
ownership	27%	2	3
reputation	26%	1	3
geolocation	19%	2	2
Overall	22%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:30 UTC
Last Seen	2026-06-26 18:11:29 UTC
Profile Built	2026-06-23 19:22:17 UTC
Data Freshness	Live
Signal Types	16
Total Observations	17

🔍 16 signal types · 17 observations collected

This report is generated from 16+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

60.212.0.13📋 Copy