## IP INTELLIGENCE BRIEFING: 218.149.170.76/32
Classification: High Risk (Score: 70/100)
Analysis Date: 2026-06-25
Reporting Authority: IPDebrief Intelligence Division
---
EXECUTIVE SUMMARY
Target IP 218.149.170.76 is classified as High Risk with a risk score of 70/100. The address is associated with Korea Telecom (ASN 4766) and geolocated to Seogwipo, Jeju-do, South Korea. Network classification indicates mobile carrier traffic (KT Corporation, LTE/5G technology). The IP has been listed on 4 DNS blacklists and shows elevated risk indicators warranting defensive action.
---
TECHNICAL PROFILE
Ownership & Network:
- ASN: 4766 (KIXS-AS-KR-KR - Korea Telecom)
- Organization: IP Manager
- Registry: APNIC
- Network Prefix: 218.144.0.0/13
- Route Stability: Not stable (isRouteStable: false)
Geolocation:
- Country: South Korea (KR)
- Region: Jeju-do
- City: Seogwipo
- Coordinates: 35.91°N, 127.77°E
- Accuracy Radius: 250 km
Network Role:
- Classification: Mobile
- Carrier: KT Corporation (MCC: 450, MNC: 08)
- Technology: LTE/5G
- Services: No open ports detected (Firewalled / No Services)
---
THREAT INDICATORS
Risk Profile:
- Overall Risk Score: 70/100 (High Risk)
- Abuse Confidence Score: Not available
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- DNSBL Listings: 4/8 total lists
Control Plane Analysis:
- RPKI State: Not validated
- IRR Consistency: Not assessed
- DNSSEC Valid: Yes
- Operator Score: 0.1304 (Minimal)
- Threat Observation Count: 1
---
OBSERVATION HISTORY
Total Observations: 19 signals recorded
Most Recent Activity: 2026-06-25T06:09:50 UTC
Key Historical Signals:
1. ASN Resolution: 2026-06-25 - ASN 4766 (Korea Telecom)
2. Geolocation: 2026-06-25 - Seogwipo, KR (confidence: 0.52)
3. Operator Classification: 2026-06-25 - "Minimal" operator score
4. Network Role: 2026-06-05 - No CDN/Proxy/Tor/Cloud indicators
5. Network Type: 2026-06-05 - Mobile classification confirmed
The IP demonstrates consistent geolocation and ASN attribution over the observation period with no significant ownership changes.
---
NETWORK RELATIONSHIPS
Total Relationships: 12
Primary Network: KORNET-KR (Korea Telecom)
All relationships indicate connectivity within the same network infrastructure (KORNET-KR), confirming the IP operates within Korea Telecom's network backbone. No cross-network associations detected.
---
NEIGHBORHOOD ANALYSIS
Subnet: 218.149.170.76/24
Abuse Density: 0 (mostly_clean classification)
Total Siblings: 1
Active Siblings: 0
Threat Siblings: 1
The /24 subnet shows minimal abuse density with inherited risk score of 2. This indicates the target IP is an outlier within its local subnet, operating independently from neighboring addresses.
---
RECOMMENDED ACTIONS
Severity: HIGH
Category: Monitoring & Blocking
Recommended Firewall Rules:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 218.149.170.76 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 218.149.170.76 drop` |
| nginx | `deny 218.149.170.76;` |
| pfSense | `218.149.170.76/32` (block rule) |
| Cloudflare WAF | Block with expression: `ip.src eq 218.149.170.76` |
| AWS WAF | Block with addresses: `218.149.170.76/32` |
Additional Recommendations:
1. Increase logging verbosity for traffic from this IP address
2. Review recent activity patterns for anomalies
3. Monitor for new DNSBL listings (currently 4/8)
4. Validate blocking rules in staging environments before deployment
---
ANALYST NOTES
The IP address presents moderate-to-high risk primarily due to its classification on multiple DNS blacklists and elevated risk score. Despite mobile carrier classification and lack of open services, the DNSBL listings suggest prior malicious activity or association with compromised endpoints. The consistent geolocation and network attribution indicate persistent operation rather than transient scanning behavior. Recommended blocking with logging for intelligence gathering purposes.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-08 11:10:24 UTC |
| Last Seen | 2026-06-25 06:08:52 UTC |
| Profile Built | 2026-06-25 06:24:51 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 19 |