# IP Intelligence Briefing: 175.207.239.76/32
## Executive Summary
IP address 175.207.239.76 is classified as high risk with a risk score of 70/100. The IP is registered to ASN 4766 (IP Manager) under APNIC and is located in Jeju City, South Korea (KR). The address is associated with mobile carrier KT Corporation and operates as a web server with HTTP, HTTPS, and SSH services enabled.
## Risk Profile
The IP received a risk score of 70, indicating elevated threat activity. The address appears on four of the eight DNS blacklists checked. Control plane analysis shows BGP origin through ASN 4766 with prefix 175.200.0.0/13. RPKI validation and IRR consistency could not be definitively resolved from the available data. The operator score registered as "Basic" (0.3478), suggesting limited routing infrastructure.
## Geolocation and Ownership
Geolocation data indicates South Korea (KR) with coordinates 35.91°N, 127.77°E in Jeju City. The IP is associated with mobile carrier KT Corporation (KT), utilizing LTE/5G connection technology. Ruckus Wireless Inc. issued an SSL certificate (SN-382202006472) associated with this address.
## Network Services
Open ports identified:
- Port 80/TCP: HTTP
- Port 443/TCP: HTTPS (TLS certificate present)
- Port 22/TCP: SSH
HTTP probing returned 503 Service Unavailable responses over HTTP/1.1. The server presented no identifiable application banners or technology fingerprints.
## Threat Indicators
Current threat indicators consist of blacklist presence across multiple feeds. The IP is not identified as a Tor exit node or as a known attacker, and no active campaigns were correlated. Temporal data shows a single threat observation, with no persistent malicious activity detected.
## Neighborhood Analysis
The /24 subnet containing 175.207.239.76 carries a mostly clean classification with an abuse density of 0. Two sibling IPs exist in the /24, one of which is an active threat sibling at 175.207.239.222 (risk score 70, authority score 50).
## Observation History
A total of 28 signals were recorded over the observation period. Recent listings show blacklisting activity across 8 lists in total, with a maximum severity rated high. Geolocation inference consistently points to South Korea, and operator assessments remain at the Basic level.
## Recommended Actions
Based on the risk profile, the following defensive measures are recommended:
Firewall Rules:
- iptables: `iptables -A INPUT -s 175.207.239.76 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 175.207.239.76 drop`
- nginx: `deny 175.207.239.76;`
- pfSense: `175.207.239.76/32`
- Cloudflare WAF: Block with expression `ip.src eq 175.207.239.76`
- AWS WAF: Add to address set `175.207.239.76/32`
Monitoring:
Increase logging verbosity and review recent activity from this IP due to the elevated risk score of 70/100.
## Intelligence Conclusion
IP 175.207.239.76 represents a high-risk endpoint requiring defensive attention. The combination of blacklist presence, operator classification, and neighborhood threat density suggests potential abuse activity. Recommended firewall blocking is supported by the risk score assessment, though correlation with additional threat intelligence feeds is advised before implementing permanent blocking policies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | Not available |
| CIDR Block | 175.200.0.0/13 |
| RIR | APNIC |
| Country | Not available |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | None |
| 443 | https | tcp | None |
| 22 | ssh | tcp | None |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | None |
| HTTP Title | None |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2022-09-03T08:45:15+00:00 |
| Valid Until | 2047-09-04T08:45:15+00:00 |
| TLS Protocol | TLS 1.2 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 9132 days |
| Serial Number | 6610CE5D |
| Thumbprint | 0131EAC99EFDF1712381849FEB02CABDC35D2AB6 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 29% | 2 | 4 |
| ownership | 24% | 3 | 4 |
| reputation | 21% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 25% | 12 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (68%), 2 contradiction(s) |
| Attribution | Low (35%) |
| Consistency Checks Evaluated | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

Contradiction noted: the TLS certificate claims US, but the primary geolocation says KR.
## Observation Timeline (Fresh)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:55 UTC |
| Last Seen | 2026-06-26 18:10:47 UTC |
| Profile Built | 2026-06-25 05:23:40 UTC |
| Data Freshness | Fresh |
| Signal Types | 27 |
| Total Observations | 28 |