211.105.231.21
IP Intelligence Briefing: 211.105.231.21
Date: 2026-06-05
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
- ASN: 4766 (IP Manager)
- Country: South Korea (KR)
- Mobile Carrier: KT Corporation (MCC 450, MNC 08)
- Geolocation:
- City: Wanju, Jeollabuk-do, South Korea
- Coordinates: 35.83°N, 127.04°E
- Timezone: Asia/Seoul
---
**2. Threat Indicators**
- DNSBL Listings:
- Listed in 5/8 DNSBL feeds (e.g., Spamhaus, Barracuda).
- No active malware or exploit indicators detected.
- Network Role:
- Mobile Carrier (KT) LTE/5G infrastructure.
- No public services (ports, TLS, HTTP) observed.
---
**3. Observation History**
- Recent Activity (Last 30 Days):
- 16 observations, with 5 DNSBL listings.
- Geolocation consistency: Plausible (South Korea).
- No persistent threat signals (e.g., malware, C2).
---
**4. Relationships**
- Network Associations:
- Linked to KORNET-KR (KT's network).
- No external hostnames or domains resolved.
- DNS Associations:
- Failed DNS queries to internal IP (192.168.2.108), suggesting potential internal network testing.
---
**5. Neighborhood Analysis**
- Subnet: 211.105.231.21/24
- Abuse Density: 0% (no malicious neighbors detected).
---
**6. Recommendations**
- Monitoring: Track DNSBL listings and monitor for unexpected network behavior.
- Blocking: Consider blocking based on mobile carrier classification if suspicious activity persists.
- Investigation: Validate DNS query failures to rule out internal network testing or misconfigurations.
Note: This IP is part of a mobile carrier's infrastructure, which may have legitimate traffic. However, DNSBL listings warrant further scrutiny.
---
*Generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | โ |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | GoAhead-Webs |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | 2021-03-20T07:23:38+00:00 |
| Valid Until | 2046-03-21T07:23:38+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 9132 days |
| Serial Number | 2BB36DBD |
| Thumbprint | 6D8289BA3B9C748AF61101146953305241B167B3 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 23% | 2 | 2 |
| routing | 20% | 1 | 1 |
| services | 16% | 1 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 13% | 1 | 1 |
| Overall | 19% | 8 | 11 |
| Data Coherence | Mixed Signals (68%) โ 2 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
โ TLS certificate claims US but primary geo says KR
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-15 20:47:42 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-25 09:50:42 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 23 |
Full dossier details are available via our API.