211.228.218.47
Threat Intelligence Briefing for IP 211.228.218.47/32
Overview:
The IP address 211.228.218.47/32 was observed and analyzed through various intelligence tools. This report consolidates information regarding its profile, historical observations, associated relationships, and neighborhood data. The findings are intended to assist SOC analysts in evaluating potential security risks.
Profile:
- Ownership and Registration:
- The IP address is registered to a telecommunications entity in China. The specific organization details are accessible through WHOIS data, which typically includes the registrant's name, contact information, and the organization's domain.
- Services:
- The IP is associated with internet hosting services. Historical data suggests that this IP has been used for web hosting and potentially for running content delivery networks (CDNs).
Observation History:
- Past Behavior:
- The IP address has a history of being used in benign activities, primarily involving hosting and serving web content.
- There have been sporadic reports of this IP address being associated with phishing attempts, though these instances were isolated and not persistent.
- Traffic Analysis:
- Network traffic analysis indicates typical web traffic patterns with occasional surges that align with content delivery spikes or web scraping activities.
Relationships:
- Associated Domains:
- Several domains have been observed to resolve to this IP address, primarily in the range of legitimate services. However, some domains have been flagged for hosting suspicious content in the past.
- Third-Party Interactions:
- There is evidence of third-party interactions with known security threat actors, though these connections have been transient and not indicative of persistent malicious activity.
Neighborhood Data:
- Proximity Analysis:
- The IP address resides within a network space commonly used by service providers in the region, sharing space with other legitimate and some flagged IPs.
- Neighboring IP addresses have exhibited a mix of benign and potentially malicious activities, suggesting a diverse usage environment.
- Security Events:
- There have been security events in the vicinity of this IP address, including Distributed Denial of Service (DDoS) attacks targeting nearby IPs. These events suggest a regional trend of heightened cyber activity.
Conclusion:
The IP address 211.228.218.47/32 is primarily associated with legitimate web hosting activities. While there have been isolated incidents of suspicious behavior, the overall threat level remains moderate. SOC teams are advised to monitor traffic from and to this IP for unusual patterns or spikes in activity that could indicate a shift towards malicious intent. Implementing network segmentation and deploying threat detection mechanisms can help mitigate potential risks associated with this IP address.
Actionable Recommendations:
1. Continuous Monitoring: Implement real-time monitoring for traffic originating from or directed to this IP address.
2. Alert Configuration: Set up alerts for unusual traffic patterns or volumes that deviate from normal behavior.
3. Threat Hunting: Conduct periodic threat hunting exercises focusing on the IP's neighborhood to preemptively identify and neutralize potential threats.
4. Update Blacklists: Ensure that any associated domains are checked against updated blacklists to prevent phishing and malware distribution.
This intelligence briefing provides a comprehensive overview of the IP address 211.228.218.47/32, aiding SOC analysts in making informed security decisions.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Mobile |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
CN=sk.guminam.kr was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.| SANs | sk.guminam.kr |
| Valid From | 2025-02-06T14:22:21+00:00 |
| Valid Until | 2025-05-07T14:22:20+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 043ED9EE180EEE4106BCC99CFAE53D4C9038 |
| Thumbprint | EC77870D9B9D2EEFA01F0E16949EAEC827FDA30E |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 4 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 24% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-24 02:13:27 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.