210.105.93.136

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 210.105.93.136

Classification: High Risk (Score: 80/100)

Date: June 2026

Prepared by: IPDebrief Intelligence Unit

## Executive Summary

IP address 210.105.93.136 is a mobile-associated web server infrastructure endpoint located in Daejeon, South Korea, operating under ASN 4766 (IP Manager). Despite exhibiting a clean subnet environment with zero abuse density, the individual endpoint demonstrates elevated risk characteristics warranting defensive attention.

## Key Risk Indicators

Network Classification:

Mobile carrier association: KT Corporation (MCC: 450, MNC: 08)
Connection technology: LTE/5G
Network role: Web Server with HTTP/HTTPS/SSH services
BGP prefix: 210.105.0.0/16 (route stability: false)

Geolocation:

Country: South Korea (KR)
Region: Daejeon, Dong-gu
Coordinates: 35.91°N, 127.77°E
RTT measurements: Avg 209.4ms, Min 207ms, Max 211ms

Threat Profile:

Reputation: High Risk
DNSBL listings: 5 of 8 total lists
No direct threat indicators detected
No known campaigns or attacker associations

## Observed Behavior

Service Footprint:

Port 80/tcp: HTTP service
Port 443/tcp: HTTPS service with Ruckus Wireless TLS certificate
Port 22/tcp: SSH service

Historical Observations:

22 signal observations recorded since June 2018
Recent HTTP responses showing 503 service unavailable status
Security headers present: X-Frame-Options (SAMEORIGIN), X-Content-Type-Options (nosniff)
No SPF/DMARC email authentication configured

Network Relationships:

25 relationship entries mapping to KORNET-KR network infrastructure
Single neighbor IP (210.105.93.142) with risk score of 0
Subnet classification: Clean, no inherited risk

## Recommended Actions

Immediate:

Implement blocking via firewall rules for iptables, nftables, pfSense, Cloudflare WAF, and AWS WAF
Increase logging verbosity for traffic from this IP address

Firewall Rules Provided:

```bash

# iptables

iptables -A INPUT -s 210.105.93.136 -j DROP

# nftables

nft add rule inet filter input ip saddr 210.105.93.136 drop

```

Monitoring Priority:

Critical severity: Elevated risk score (80/100)
Review recent activity patterns despite clean subnet classification
Monitor for lateral movement to associated mobile infrastructure

## Risk Assessment

This IP represents a high-risk endpoint operating on mobile infrastructure with web server capabilities. While the surrounding subnet demonstrates minimal abuse density, the individual endpoint's risk profile suggests potential for malicious activity. The combination of mobile carrier association, route instability, and DNSBL presence warrants defensive containment measures.

Status: BLOCK RECOMMENDED

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇰🇷 South Korea
Region	Daejeon
City	Dong-gu
Timezone	Asia/Seoul
Latitude	35.91
Longitude	127.77

🏢 Ownership & Registration

Organization	IP Manager
ASN	AS4766
Network Name	—
CIDR Block	—
RIR	APNIC
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	—
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

C=US, S=California, L=Sunnyvale, O=Ruckus Wireless Inc., CN=SN-992202001330

Issued by C=US, S=California, L=Sunnyvale, O=Ruckus Wireless Inc., CN=RuckusPKI-DeviceSubCA-2

Self-signed: No

SANs	None
Valid From	2022-02-12T08:20:12+00:00
Valid Until	2047-02-13T08:20:12+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	9132 days
Serial Number	4420AA00
Thumbprint	96EF579983FE9E7F22B8F08B4E741235D21B6B89

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	28%	2	3
ownership	20%	2	3
reputation	15%	1	2
geolocation	32%	2	3
Overall	23%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: KR, US
⚠ TLS certificate claims US but primary geo says KR

📅 Observation Timeline 🔄 Fresh

First Seen	2026-05-07 23:04:10 UTC
Last Seen	2026-06-26 18:11:06 UTC
Profile Built	2026-06-25 09:50:42 UTC
Data Freshness	Fresh
Signal Types	20
Total Observations	20

🔍 20 signal types · 20 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

210.105.93.136📋 Copy