Threat Intelligence Briefing: IP 118.43.202.68/32
Profile Overview
- Risk Score: 80/100 (High Risk)
- Ownership: Owned by *IP Manager* (ASN 4766, Korea Telecom, KR).
- Geolocation: Confirmed in South Korea (Ulsan, Nam-gu), but historical data suggests potential China-based activity.
- Network Role: Mobile network (KT Corporation, LTE/5G).
- Threat Indicators: No direct malicious activity detected; no known campaigns or abuse reports.
Key Observations
1. Geolocation Discrepancy: Current geolocation places the IP in South Korea, but historical signals (e.g., BGP data) show inferred locations in China. This may indicate network misconfiguration, transit routing, or spoofing.
2. Network Relationships: Linked to the *KORNET-KR* network (Korea Telecom), suggesting it is part of a larger mobile infrastructure.
3. Risk Context: High risk score due to potential misuse (e.g., mobile network vulnerabilities) and sparse neighbor analysis (no active IPs in the /24 subnet).
Recommended Actions
- Block the IP: Implement firewall rules to drop traffic from 118.43.202.68 using:
  - `iptables`: `iptables -A INPUT -s 118.43.202.68 -j DROP`
  - Cloudflare/WAF: Block via IP-based rule with description "IPDebrief risk 80".
- Monitor for Anomalies: Investigate geolocation inconsistencies and check for unexpected traffic patterns, given the mobile carrier context.
- Verify Ownership: Confirm Korea Telecom's operational scope to resolve conflicting location data.
Conclusion
This IP poses a high-risk profile due to its mobile network association and ambiguous geolocation. While no direct malicious activity is detected, proactive monitoring and network validation are critical to mitigate potential risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 20% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-07 23:03:34 UTC |
| Last Seen | 2026-06-25 07:54:24 UTC |
| Profile Built | 2026-06-24 11:06:06 UTC |
| Data Freshness | Fresh |
| Signal Types | 16 |
| Total Observations | 17 |