114.111.52.187
IP Intelligence Dossier
Your IP: 216.73.217.135
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 114.111.52.187
Date: 2026-06-10
---
**1. Risk Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: APNIC (ASN 54994)
- Organization: IP Manager (CDNETWORKS-KR)
- Geolocation: South Korea (KR), Latitude 37.51, Longitude 126.97
- Threat Indicators: No active malicious indicators (no malware, phishing, or C2 activity).
---
**2. Network & Ownership**
- Subnet: 114.111.52.0/24 (part of CDNETWORKS-KR)
- Registration: APNIC, registered to "IP Manager" (hostmaster@nic.or.kr).
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP services detected).
- BGP: Route stable, no recent changes. DNSSEC validated.
---
**3. Threat Observations (Last 30 Days)**
- DNSBL Listings (8 lists): 1 high-severity listing (confidence 0.85).
- DNSSEC: Minimal issues (confidence 0.30).
- Ownership Stability: No ownership changes.
- Threat Persistence: No persistent malicious activity.
---
**4. Relationships & Neighbors**
- Linked Entities: Same network "CDNETWORKS-KR" (no other direct relationships).
- Neighbors (114.111.52.0/24):
- 114.111.52.109 (Risk: 50)
- 114.111.52.185 (Risk: 50)
- Subnet Abuse Density: 0% (no malicious activity in neighbors).
---
**5. Analysis & Recommendations**
- No Direct Threat: No confirmed malicious activity (no malware, C2, or phishing indicators).
- Monitor DNSBL Listings: The IP is listed in 8 DNSBLs, though with high confidence. Verify if these are false positives or part of a larger campaign.
- Network Context: Likely a private/internal IP (firewalled, no services exposed). Verify if it belongs to a legitimate organization or is part of a compromised network.
- No Immediate Action Required: No actionable rules or firewall mitigations needed, but continued monitoring of DNS and network behavior is advised.
---
Product: IPDebrief | Copyright: © 2026 Jason Alberino. All rights reserved.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IP Manager |
| ASN | AS54994 |
| Network Name | CDNETWORKS-KR |
| CIDR Block | 114.111.48.0/20 |
| RIR | APNIC |
| Country | KR |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 |
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 14% | 6 | 7 |
Coverage: 5/6 dimensions ยท Data sufficiency: partial
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-25 00:39:58 UTC |
| Last Seen | 2026-06-10 18:34:39 UTC |
| Profile Built | 2026-06-10 19:09:28 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 15 |
๐ 15 signal types ยท 15 observations collected
This report is generated from 15+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.