211.116.107.222
IP Intelligence Briefing: 211.116.107.222
Date: 2026-06-18
---
**1. Risk Profile**
- Risk Score: 80 (High Risk)
- Threat Indicators:
- Listed in 5/8 DNSBLs (high severity)
- Open SSH (port 22) service with banner: `SSH-2.0-OpenSSH_6.6`
- Geolocation:
- Country: South Korea (KR)
- City: Jeonju
- Coordinates: 35.91°N, 127.77°E
- RTT: 203โ205ms (plausible residential/mobile network)
- Network Role:
- Single-service host (SSH only)
- Not residential, CDN, cloud, or mobile
---
**2. Observation History**
- Latest Activity:
- DNSBL Listings (June 18, 2026): 5/8 blacklists (high severity).
- Port Scanning (June 3, 2026): Open SSH detected; no other services.
- Geolocation Validation: Plausible, but RTT suggests potential obfuscation.
- Trend: No historical persistence; no known campaigns or email reputation issues.
---
**3. Relationships & Subnet**
- Network Affiliation:
- Registered to IP Manager (ASN 17854, APNIC).
- Subnet: 211.116.64.0/18 (owned by "broadNnet-KR").
- Neighborhood:
- No neighboring IPs reported (subnet may be isolated or underreported).
- Subnet abuse density: 0% (clean).
---
**4. Recommendations**
- Block/Rate Limit:
- Block SSH access to this IP due to high DNSBL exposure.
- Monitor for SSH brute-force attempts (e.g., using `fail2ban`).
- Investigate:
- Verify if SSH service is legitimate (e.g., check for authorized keys, firewall rules).
- Confirm ownership of the "broadNnet-KR" subnet for potential network-level threats.
- Monitoring:
- Watch for re-listing in DNSBLs or unexpected service changes.
---
Conclusion:
This IP is flagged as high risk due to DNSBL listings and open SSH, suggesting potential misuse. While the subnet appears clean, the SSH service warrants closer inspection. Immediate action is recommended to mitigate exposure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IP Manager |
| ASN | AS17854 |
| Network Name | broadNnet-KR |
| CIDR Block | 211.116.64.0/18 |
| RIR | APNIC |
| Country | KR |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_6.6 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 30% | 2 | 3 |
| Overall | 24% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-23 08:13:41 UTC |
| Data Freshness | Fresh |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.