# IP Intelligence Briefing: 112.161.42.97/32
Classification: HIGH RISK
Date: 2026-06-22
Source: IPDebrief Intelligence Platform
## Executive Summary
IP 112.161.42.97 is classified as high risk (80/100) with a mobile carrier connection from Korea. The IP is associated with KT Corporation (ASN 4766) and registered under the KORNET-KR network. While no direct attack indicators were identified in threat feeds, the elevated risk score warrants immediate monitoring and firewall restrictions.
## Technical Profile
Geolocation:
- Country: South Korea (KR)
- City: Goyang-si
- Coordinates: 35.91°N, 127.77°E
- Timezone: Asia/Seoul
Network Attribution:
- ASN: 4766 (KIXS-AS-KR-KR - Korea Telecom)
- Organization: IP Manager
- RIR: APNIC
- Mobile Carrier: KT Corporation (MCC: 450, MNC: 08)
- Connection Type: LTE/5G
Network Role:
- Classification: Single-Service Host
- Mobile Connection: Yes
- Service Purpose: Single-Service Host
Open Services:
- Port 22/TCP: SSH (SSH-1.99-OpenSSH_4.3)
## Risk Assessment
Risk Score: 80/100 (HIGH RISK)
- Control Plane Operator Score: 0.1304 (Minimal)
- DNSBL Lists: 6 of 8 total lists
- Abuse Confidence: Null
- Is Tor Exit: No
- Known Attacker: No
- Spam Source: No
## Temporal Analysis
Observation History:
- Total Observations: 19
- Data Sufficiency: 6/6 dimensions covered
- Recent Activity:
- 2026-06-22T09:22:49: ASN 4766, 112.160.0.0/12 (Korea Telecom)
- 2026-06-22T09:22:36: Banner analysis (no matches)
- 2026-06-22T09:22:11: Operator score 0 (Minimal)
- 2026-06-17T05:36:03: ASN 4766, 112.160.0.0/13 (Korea Telecom)
Stability Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: No
## Network Neighborhood
Subnet Analysis: 112.161.42.97/24
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Abuse Density: 1
- Classification: mostly_clean
- Inherited Risk: 2
## Relationship Graph
- Total Relationships: 24
- Primary Association: KORNET-KR network (24 instances)
- Network Type: Same Network (KORNET-KR)
## Recommended Actions
Priority: CRITICAL
Monitoring:
- Increase logging verbosity and review recent activity from this IP
- Elevated risk score (80/100) requires enhanced observation
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 112.161.42.97 -j DROP
# nftables
nft add rule inet filter input ip saddr 112.161.42.97 drop
# nginx
deny 112.161.42.97;
# pfSense
112.161.42.97/32
# Cloudflare WAF
{
  "description": "Block 112.161.42.97 - IPDebrief risk score 80",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 112.161.42.97"
  }
}
# AWS WAF
{
  "Addresses": ["112.161.42.97/32"],
  "Description": "IPDebrief risk 80"
}
```
## Intelligence Narrative
The IP address 112.161.42.97 presents a high-risk profile with a score of 80/100. While the IP lacks direct threat feed indicators and is not classified as a known attacker or spam source, its mobile carrier connection (KT Corporation) combined with a single-service host configuration and presence on 6 of 8 DNSBL lists elevates concern. The network infrastructure shows stable ASN attribution to Korea Telecom (4766) with no ownership changes recorded. The subnet (112.161.42.0/24) exhibits low abuse density and is classified as mostly clean, suggesting this specific IP may have elevated risk relative to its peer neighborhood.
Recommended SOC Actions:
1. Immediately block access at perimeter firewalls and WAF
2. Enable enhanced logging for any observed traffic
3. Monitor for lateral movement or beaconing behavior
4. Correlate with other high-risk IPs from the same subnet
---
*This briefing was generated using IPDebrief intelligence platform data. Recommendations should be validated against organizational security policies before implementation.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-1.99-OpenSSH_4.3 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 26% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-07 23:03:31 UTC |
| Last Seen | 2026-06-25 20:08:45 UTC |
| Profile Built | 2026-06-23 06:55:39 UTC |
| Data Freshness | Fresh |
| Signal Types | 19 |
| Total Observations | 24 |