60.223.254.202

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 60.223.254.202/32

## Executive Summary

IP address 60.223.254.202 is classified as High Risk (Risk Score: 80/100) and should be treated as a potential threat source. The IP is associated with China Unicom's China169 backbone network and exhibits multiple threat indicators including blacklist listings and suspicious geolocation patterns.

## Network Classification

ASN: 4837 (China Unicom / China United Network Communications)
Organization: xuehong han
Country: China (CN)
Region: Shanxi (SX) - inferred from network relationships
Network Type: Mobile (LTE/5G) - China Unicom
CIDR Block: 60.223.254.202/24
Reverse DNS: 202.254.223.60.adsl-pool.sx.cn

## Threat Indicators

Blacklist Status: Listed on 6 out of 8 DNSBLs (abuseConfidenceScore elevated)
Threat Feeds: 5 threat pulses detected via AlienVault OTX
Reputation: 0/100 across threat feeds
Campaign Correlation: No direct campaign matches currently identified

## Geolocation Analysis

Coordinates: 35.86°N, 104.2°E (inferred)
Consensus Location: Taiyuan, Shanxi Province, China
Geo Confidence: 0.52 (moderate confidence)
Accuracy Radius: 2500km
Note: Geolocation validation flagged as implausible due to mobile carrier routing patterns

## Observation History (21 Signals)

Recent observations indicate persistent threat activity:

2026-06-26 05:42:27: Listed on 8 DNSBLs (5 active, high severity)
2026-06-26 05:42:26: ASN AS4837 flagged with threat indicators active
Threat Persistence: 1 threat observation recorded
Ownership Stability: No ownership changes detected

## Network Neighborhood Analysis

Subnet: 60.223.254.202/24
Abuse Density: 1 (elevated within subnet context)
Threat Siblings: 1
Network Classification: mostly_clean (but elevated inherited risk)
Control Plane: BGP prefix 60.220.0.0/14, route stability flags indicate potential anomalies

## Recommended Security Actions

Immediate Mitigation

1. Block Traffic: Implement blocking rules across all platforms:

- `iptables -A INPUT -s 60.223.254.202 -j DROP`

- `nft add rule inet filter input ip saddr 60.223.254.202 drop`

- Nginx: `deny 60.223.254.202;`

2. Cloud Security:

- Cloudflare WAF: Block expression `ip.src eq 60.223.254.202`

- AWS WAF: Add address `60.223.254.202/32` to deny list

3. Enhanced Monitoring:

- Increase logging verbosity for this IP

- Review recent activity logs from the past 24-48 hours

- Monitor for port scanning or connection attempts from this address

Additional Intelligence

Relationship Graph: 53 connections detected, primarily UNICOM-SX network infrastructure
Service Status: No open services detected (firewalled/no services)
Email Reputation: Not applicable (no hosted domains)

## Risk Assessment

This IP presents an elevated threat profile due to:

High risk score (80/100)
Multiple blacklist listings with high severity
Mobile carrier attribution to China Unicom with threat indicators
DNSBL presence across multiple sources
Unstable routing patterns

Recommendation: Treat as malicious until proven otherwise. Block inbound traffic and investigate any outbound connections from internal assets to this IP. Monitor for associated IPs in the 60.223.254.0/24 range.

---

*Intel produced by IPDebrief Analysis System*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇳 China
Region	SX
City	Taiyuan
Timezone	—
Latitude	34.77
Longitude	113.72

🏢 Ownership & Registration

Organization	xuehong han
ASN	AS4837
Network Name	—
CIDR Block	—
RIR	APNIC
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	202.254.223.60.adsl-pool.sx.cn
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`202.254.223.60.adsl-pool.sx.cn`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	31%	2	3
routing	13%	1	1
services	11%	1	2
ownership	20%	2	3
reputation	19%	1	3
geolocation	27%	2	2
Overall	20%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-10 22:17:56 UTC
Last Seen	2026-06-26 05:43:22 UTC
Profile Built	2026-06-26 05:52:56 UTC
Data Freshness	Live
Signal Types	19
Total Observations	20

🔍 19 signal types · 20 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

60.223.254.202📋 Copy