IP Intelligence Briefing for 211.57.200.119/32
Date: 2026-06-12
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
  - ASN 4766 (KIXS-AS-KR)
  - Organization: IP Manager (KORNET-KR)
  - Mobile Carrier: KT Corporation (South Korea)
- Geolocation:
  - Registered to South Korea (KR) via APNIC
  - Conflicting geolocation data: "US-NY" (NYC, USA) vs. mobile carrier (KT, KR)
- Network Role:
  - Mobile device (LTE/5G)
  - No open ports/services detected
  - BGP prefix: 211.57.0.0/16
---
**2. Threat Indicators**
- DNSBL Listings:
  - Listed in 4/8 DNSBLs (high severity risk)
  - No resolved PTR records or domain associations
- Control Plane:
  - BGP route stability: Unstable (route changes in 30 days)
  - DNSSEC valid, but no CAA records
  - 4/8 DNSBL lists detected in historical observations
---
**3. Observation History**
- Recent Activity:
  - 12 observations since June 12, 2026
  - 4 DNSBL listings (high severity)
  - 1 DNS validation (valid, no RRSIG)
  - 1 BGP ASN lookup (KORNET-KR)
  - 1 DNS lookup (no PTR)
- Traceroute: 17 hops (2 timed out), transit via Comcast
---
**4. Relationships**
- Network Links:
  - Strong ties to KORNET-KR (ASN 4766)
  - No external subnets or organizations linked
---
**5. Neighborhood Analysis**
- Subnet: 211.57.200.0/22
- Neighbor Data:
  - 0 active neighbors detected
  - Subnet abuse density: 0%
  - No sibling IPs identified
---
**6. Actionable Insights**
- Risk Context:
  - High-risk score correlates with DNSBL listings and unstable BGP routes.
  - Conflicting geolocation (US vs. South Korea) suggests potential spoofing or mobile device.
- Recommendations:
  - Monitor DNSBL listings and BGP route stability.
  - Investigate geolocation discrepancies (check for IP spoofing or mobile network anomalies).
  - Block the IP in firewalls using rules generated via `ipdebrief_actions` (not shown here).
---
Next Steps: Validate geolocation anomalies, verify DNSBL sources, and monitor BGP route stability. This IP aligns with KT Corporation's mobile network but shows signs of malicious activity in historical data.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | KORNET-KR |
| CIDR Block | 211.57.200.0/22 |
| RIR | APNIC |
| Country | KR |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 2 |
| routing | 20% | 1 | 1 |
| services | 20% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 20% | 1 | 2 |
| geolocation | 23% | 2 | 2 |
| Overall | 23% | 9 | 11 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-30 23:04:23 UTC |
| Last Seen | 2026-06-26 18:11:06 UTC |
| Profile Built | 2026-06-14 03:13:05 UTC |
| Data Freshness | Fresh |
| Signal Types | 16 |
| Total Observations | 17 |