211.198.128.124

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 211.198.128.124

Classification: HIGH RISK / MOBILE ENDPOINT

Date: June 2026

Prepared by: IP Intelligence Team

## EXECUTIVE SUMMARY

IP 211.198.128.124 is a high-risk mobile endpoint operating from Seoul, South Korea. The IP demonstrates elevated threat characteristics with a risk score of 80/100 and is actively listed on 6 of 8 DNS blacklists. The address operates as a mobile carrier endpoint (KT Corporation) with single-service host profile and SSH service exposure.

## NETWORK OWNERSHIP AND GEOLOCATION

ASN: 4766 (IP Manager)
Organization: IP Manager
Country: South Korea (KR)
City/Region: Seoul
ISP/Carrier: KT Corporation (Mobile)
Technology: LTE/5G
RIR: APNIC
BGP Prefix: 211.192.0.0/13

## THREAT PROFILE

Risk Score: 80/100
Abuse Confidence: Elevated
DNSBL Listings: 6/8 blacklists
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Blacklist Count: 0 (direct)

## NETWORK SERVICE FINGERPRINT

Open Ports: TCP/22 (SSH - OpenSSH 8.0)
Service Type: Single-Service Host
Forward Resolution: Not confirmed
PTR Records: None detected
Email Authentication: SPF/DMARC not configured

## NEIGHBORHOOD ANALYSIS

The IP resides in subnet 211.198.128.0/24 with the following characteristics:

Abuse Density: 1.0 (High)
Total Siblings: 2
Active Siblings: 2
Threat Siblings: 1
Notable Neighbor: 211.198.128.204 (Risk Score: 80, Authority Score: 50)

The neighborhood shows concentrated risk with one additional high-risk endpoint in the same /24, indicating potential coordinated activity or shared infrastructure.

## TEMPORAL ANALYSIS

Observation Count: 19 signals recorded
Campaign Likelihood: None detected
Threat Persistence: Not flagged as persistently malicious
Ownership Changes: 0
Recent Activity: Observed as recently as June 23, 2026

## RELATIONSHIP GRAPH

The IP maintains 19 documented relationships, all classified as "Same Network" targeting KORNET-KR (Korea national network infrastructure). This indicates the endpoint is part of Korea's national network routing.

## OBSERVATION HISTORY

Historical signals show:

Consistent mobile carrier identification
Stable geographic attribution to Seoul
No significant changes in ownership or network classification
Multiple operator score assessments with minimal operator control

## RECOMMENDED ACTIONS

Based on the high-risk profile, the following defensive measures are recommended:

1. Block SSH Access: Restrict TCP/22 from this mobile endpoint at perimeter firewalls

2. Monitor for Exploitation: SSH services on mobile endpoints often indicate potential abuse for lateral movement

3. DNSBL Verification: Confirm current blacklist status across major feeds

4. Geolocation Blocking: Consider blocking all traffic from this subnet (211.198.128.0/24) if policy permits

5. Correlation: Investigate the neighboring IP 211.198.128.204 which shares the same risk score

## RISK ASSESSMENT

OVERALL RISK: HIGH

This endpoint presents a moderate to high threat profile primarily due to:

Active DNSBL listings (6/8)
High risk score (80)
Mobile carrier infrastructure (potential for credential harvesting or botnet activity)
Concentrated risk in neighboring subnet

MITIGATION PRIORITY: MEDIUM-HIGH

---

*Intelligence generated from IPDebrief platform. Data current as of June 2026.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇰🇷 South Korea
Region	Seoul
City	Seoul
Timezone	Asia/Seoul
Latitude	35.91
Longitude	127.77

🏢 Ownership & Registration

Organization	IP Manager
ASN	AS4766
Network Name	—
CIDR Block	—
RIR	APNIC
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.0
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.0

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	13%	1	1
services	15%	2	2
ownership	24%	2	3
reputation	26%	1	3
geolocation	21%	2	2
Overall	22%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Fresh

First Seen	2026-05-07 23:04:10 UTC
Last Seen	2026-06-26 18:11:06 UTC
Profile Built	2026-06-23 08:09:18 UTC
Data Freshness	Fresh
Signal Types	17
Total Observations	18

🔍 17 signal types · 18 observations collected

This report is generated from 17+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

211.198.128.124📋 Copy