IP Intelligence Briefing: 218.23.95.9/32
Date: 2026-06-18
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
  - Provider: China Telecom (ASN 4134)
  - Network: ChinaNet (CHINANET-AH)
  - Region: China (CN)
- Threat Indicators:
  - No direct malicious activity detected (no malware, phishing, or spam indicators).
  - Subnet abuse density: 1/10 (mostly clean, but 2 neighboring IPs flagged).
- Network Role:
  - Mobile Network: LTE/5G (China Telecom)
  - Infrastructure: Firewalled; no open ports or services detected.
---
**2. Observation History**
- Recent Activity (30 Days):
  - DNS Signals: Inferred geolocation in China (latitude 35.86, longitude 104.2).
  - Network Signals: Subnet abuse density increased to 1/10 (mostly clean).
  - Threat Signals: No malicious campaigns or DNSBL listings observed.
- Stability:
  - Route Stability: Unstable (route changes detected).
  - Ownership: No changes in ownership.
---
**3. Relationships & Subnet Context**
- Linked Entities:
  - Networks: CHINANET-AH (same provider).
- Neighbors:
  - 218.23.95.14: High-risk IP (score 80), same subnet.
  - Subnet Abuse Density: 1/10 (2 threat siblings in 256 IPs).
- Geolocation:
  - Plausible China location, but no city/region data.
---
**4. Actionable Insights**
- Risk Context:
  - High-risk score driven by subnet abuse, not direct malicious activity.
  - Neighboring IP (218.23.95.14) shares similar risk profile.
- SOC Recommendations:
  - Monitor subnet for lateral movement or cluster-based threats.
  - Investigate China Telecom's mobile network for potential carrier-based attacks.
  - Validate geolocation accuracy for compliance or threat mapping.
---
Conclusion:
This IP is part of a high-risk subnet linked to China Telecom's mobile network. While no direct malicious activity is detected, the subnet's abuse density and neighboring IPs warrant closer scrutiny. Prioritize monitoring for unusual traffic patterns or lateral connections within the 218.23.95.0/24 range.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Chinanet Hostmaster |
| ASN | AS4134 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 19% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:12 UTC |
| Last Seen | 2026-06-26 18:11:08 UTC |
| Profile Built | 2026-06-23 08:11:28 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |