IP Intelligence Briefing: 218.78.92.200
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership:
  - ASN: 4811 (CHINANET-SH, China Telecom)
  - Organization: Wu Xiao Li (registered under CHINANET-SH)
- Geolocation: Shanghai, China (latitude: 31.2222, longitude: 121.4581)
- Threat Indicators:
  - No malicious activity detected (no blacklists, campaigns, or abuse indicators).
- DNSSEC Valid: Yes.
- BGP Stability: Unstable (route changes in last 30 days).
---
**2. Observation History**
- Recent Activity (Last 15 Observations):
  - ICMP Blockage: Validation failed due to ICMP blocking (potential firewall/IDS).
  - Geolocation Anomalies:
    - Distance to probe: ~8,776 km (may indicate misconfigured routing or spoofing).
    - Minimum possible RTT: 175.5 ms (suggests plausible regional origin).
  - Network Changes: No recent ownership or threat persistence.
---
**3. Relationships & Network Context**
- Linked Entities:
  - Same network as CHINANET-SH (China Telecom).
- Subnet:
  - 218.78.92.0/22 (no active neighbors detected).
- Abuse Density: 0% (low risk in subnet).
---
**4. Threat & Risk Analysis**
- No Direct Threats:
  - No indicators of spam, C2, or malware activity.
  - No DNSBL listings or known malicious campaigns.
- Geolocation Concerns:
  - ICMP blocking raises questions about network visibility.
  - Geolocation data may be spoofed or misconfigured.
- Network Stability:
  - BGP route instability (last 30 days) could indicate provider issues.
---
**5. Recommended Actions**
- Monitor for Changes: Track BGP routes and geolocation validation.
- Verify Network Configuration: Confirm ICMP blocking is intentional (e.g., firewall rules).
- Expand Subnet Analysis: Investigate neighboring IPs in 218.78.92.0/22 (no active neighbors found).
- Check for Misconfiguration: Validate DNSSEC and ensure no spoofing in geolocation data.
---
Conclusion: 218.78.92.200 is associated with a Chinese ISP but shows no direct malicious activity. The ICMP blocking and geolocation anomalies warrant further investigation to rule out misconfiguration or spoofing. No immediate mitigation is required, but ongoing monitoring is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Wu Xiao Li |
| ASN | AS4812 |
| Network Name | CHINANET-SH |
| CIDR Block | 218.78.0.0/15 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 14% | 6 | 7 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-23 06:22:23 UTC |
| Last Seen | 2026-06-26 18:11:09 UTC |
| Profile Built | 2026-06-10 05:58:37 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 19 |