210.99.124.119
IP Intelligence Briefing: 210.99.124.119
*Generated via IPDebrief analysis*
---
**Risk Summary**
- Risk Score: 80/100 (High Risk)
- Threat Indicators: 5 DNSBL listings, 503 HTTP errors, no active malware indicators.
- Network Role: Mobile IP (KT Corporation, LTE/5G).
- Geolocation: South Korea (Gyeonggi-do, Siheung-si).
---
**Key Findings**
1. Ownership & Infrastructure
- Owned by IP Manager (ASN 4766, APNIC).
- Mobile IP assigned to KT Corporation (South Korea).
- Subnet 210.99.124.119/24 shows no active malicious siblings.
2. Threat & Abuse
- DNSBL Listings: Flagged on 5/8 DNSBL lists (e.g., Spamhaus, OpenDNS).
- HTTP Anomalies: Observed 503 Service Unavailable errors (June 15, 2026).
- TLS Certificate: Issued to Ruckus Wireless Inc. (self-signed, no CA validation).
3. Network Behavior
- Open Ports: HTTP (80), HTTPS (443), SSH (22).
- Mobile Carrier: KT (LTE/5G), likely residential/mobile broadband.
- Subnet Abuse: Low abuse density (0/10), no peer IP threats.
4. Historical Trends
- No persistent malicious activity detected.
- Geolocation inferred via multi-signal analysis (30% confidence).
---
**Recommended Actions**
- Block/Rate Limit: Implement firewall rules to block traffic from this IP (e.g., `iptables -A INPUT -s 210.99.124.119 -j DROP`).
- Monitor TLS: Investigate the self-signed Ruckus Wireless certificate for potential spoofing.
- Check DNSBL: Verify if the IP is linked to spam or abuse campaigns.
- Validate Mobile IP: Confirm KTโs IP allocation policies for mobile users.
---
**Next Steps**
- Cross-reference with internal threat feeds for known malicious domains.
- Monitor for DNS changes or new TLS certificates.
- Validate geolocation accuracy using additional probes.
End of Briefing
*Generated by IPDebrief โ IP Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | โ |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | 2023-07-27T15:40:37+00:00 |
| Valid Until | 2048-07-27T15:40:37+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 9132 days |
| Serial Number | 08D445AA |
| Thumbprint | 841EBBD0108D86872E5B048BE4DBE511BF70C34D |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Mixed Signals (68%) โ 2 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
โ TLS certificate claims US but primary geo says KR
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-25 09:50:42 UTC |
| Data Freshness | Fresh |
| Signal Types | 21 |
| Total Observations | 21 |
Full dossier details are available via our API.