211.63.34.149

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 211.63.34.149

Date: June 16, 2026

---

1. Core Profile

Risk Score: 80 (High Risk)
Geolocation: Seoul, South Korea (35.91°N, 127.77°E)
Network:

- ASN: 3786 (IP Manager)

- Subnet: 211.63.32.0/19 (Bogon: No)

- Hosting: Web server (HTTP/HTTPS via Nginx)

Threat Indicators: No active threats, spam, or malicious campaigns detected.
Services:

- Open ports: 80 (HTTP), 443 (HTTPS)

- TLS Certificate: Valid (Let’s Encrypt, CN=pro2000.synology.me)

- HTTP Response: 403 Forbidden (potential misconfiguration or access control).

---

2. Neighborhood Analysis

Subnet: 211.63.34.149/24
Abuse Density: 0% (mostly clean)
Neighbors:

- No active sibling IPs reported.

- Subnet inherited risk: 2 (low).

Note: No malicious activity detected in the subnet, but the IP’s high risk score may correlate with broader network context.

---

3. Relationships & Dependencies

Network Relationships:

- Linked to BORANET-KR (APNIC) network.

- No direct ties to domains, organizations, or certificates.

DNS:

- No PTR records or domain associations.

- DNSSEC valid,CAA records present.

---

4. Observation History

Recent Activity:

- June 16, 2026: HTTP server fingerprinted (Nginx, TLSv1.2).

- June 14, 2026: Low operator risk (0.2174) with minimal DNS anomalies.

- June 3, 2026: Geolocation validated (8,487 km from probe, RTT 214.8ms).

Trends: No persistent threats; risk score stable.

---

5. Recommendations

Monitor: The 403 HTTP status and high risk score warrant closer scrutiny for potential misconfigurations or false positives.
Verify: Confirm server access controls and ensure TLS configurations are up-to-date.
Network: No immediate action required for the subnet, but isolate this IP if suspicious behavior emerges.

SOC Analyst Note: This IP appears legitimate but requires further validation due to its high risk score and ambiguous HTTP response. Cross-reference with internal threat feeds for context.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇰🇷 South Korea
Region	Seoul
City	Yongsan-dong (Hangang-daero)
Timezone	Asia/Seoul
Latitude	35.91
Longitude	127.77

🏢 Ownership & Registration

Organization	IP Manager
ASN	AS3786
Network Name	BORANET-KR
CIDR Block	211.63.32.0/19
RIR	APNIC
Country	KR
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	nginx
HTTP Title	—

🔐 TLS Certificate

An expired certificate for CN=pro2000.synology.me was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

🔒

CN=pro2000.synology.me

Issued by CN=R13, O=Let's Encrypt, C=US

Self-signed: No

SANs	pro2000.synology.me
Valid From	2026-03-13T10:20:16+00:00
Valid Until	2026-06-11T10:20:15+00:00 (expired)
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	06FCC850C3F1E9AB87973BA9A0B776074AB2
Thumbprint	B31A1F2C529D469A6DBAC01D166EE82476248156

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	13%	1	1
services	28%	2	4
ownership	24%	2	3
reputation	22%	1	3
geolocation	30%	2	3
Overall	23%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Fresh

First Seen	2026-05-07 23:04:11 UTC
Last Seen	2026-06-26 18:11:06 UTC
Profile Built	2026-06-25 09:50:42 UTC
Data Freshness	Fresh
Signal Types	23
Total Observations	25

🔍 23 signal types · 25 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

211.63.34.149📋 Copy

**1. Core Profile**

**2. Neighborhood Analysis**

**3. Relationships & Dependencies**

**4. Observation History**

**5. Recommendations**