IP Intelligence Briefing: 106.248.238.187
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
  - ASN: 3786 (IP Manager)
  - Netname: BORANET-KR
  - Region: South Korea (Seoul, Gwanak-gu)
- Geolocation:
  - Latitude: 35.91, Longitude: 127.77 (Seoul, KR)
  - Accuracy Radius: 250 km
- Network Role:
  - Open Ports: HTTP (80), SSH (22), RDP (3389)
  - Services: HTTP banner "Express", SSH version "OpenSSH_6.0p1"
  - No TLS certificate detected
---
**2. Threat Indicators**
- No direct malicious indicators (no malware, C2, or exploit signs).
- DNSBL Listings: 5/8 DNSBL entries (potential spam or abuse risk).
- BGP/Control Plane:
  - BGP prefix: 106.240.0.0/12
  - DNSSEC validated, CAA records present
  - Route stability: Unstable (routeChanges30d = 0, isRouteStable = false)
---
**3. Observation History**
- Recent Activity (2026-06-17):
  - Geolocation inferred via multi-signal analysis (confidence: 52%).
  - Operator score: 0.2174 (Minimal risk label).
  - HTTP fingerprint: "Express" server, TTFB: 1.66s, no HSTS.
- Historical Trends:
  - 1 threat observation recorded (no persistence).
  - DNSBL listings detected in 5/8 checks (high-risk DNSBLs).
---
**4. Network Relationships**
- Linked Entities:
  - Same network: BORANET-KR (ASN 3786)
  - No direct ties to known malicious organizations or domains.
- Subnet: 106.248.238.187/24
  - Abuse density: 1 (mostly clean, but low threshold).
  - No active neighbors detected.
---
**5. Recommendations**
- Monitor Traffic:
  - Track SSH/RDP activity due to open ports.
  - Investigate DNSBL listings for potential spam or abuse.
- Firewall Rules:
  - Block non-essential ports (e.g., RDP) unless required.
  - Add to DNSBL watchlists for ongoing monitoring.
- Geolocation Verification:
  - Confirm IP legitimacy in Seoul, KR via geo-validation probes.
---
Note: This IP exhibits no direct malicious behavior but has indirect risks (DNSBL, unstable routing). SOC teams should prioritize monitoring for anomalous traffic patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IP Manager |
| ASN | AS3786 |
| Network Name | BORANET-KR |
| CIDR Block | 106.240.0.0/12 |
| RIR | APNIC |
| Country | KR |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | |
| 3389 | rdp | tcp | - |
| Closed Ports | 25, 443, 8080, 8443 (3 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 4 |
| ownership | 24% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:29 UTC |
| Last Seen | 2026-06-26 18:10:20 UTC |
| Profile Built | 2026-06-22 08:13:18 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |