219.248.4.146

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

INTELLIGENCE BRIEFING: 219.248.4.146/32

SUBJECT: High-Risk South Korean Multi-Service Host

DATE: Current

RISK SCORE: 80/100 (High Risk)

---

EXECUTIVE SUMMARY

Target 219.248.4.146 is a high-risk multi-service host located in Gimpo-si, Gyeonggi-do, South Korea (KR). The IP is registered under ASN 9318 (IP Manager) for the broadNnet-KR network block 219.248.0.0/14. Current reputation assessment indicates significant abuse potential with multiple blacklist listings.

---

KEY FINDINGS

Network & Ownership:

ASN: 9318 (IP Manager)
Organization: broadNnet-KR
CIDR Block: 219.248.0.0/14
RIR: APNIC
Location: South Korea, Gyeonggi-do, Gimpo-si (35.91°N, 127.77°E)

Threat Indicators:

Blacklist Status: Listed on 5 of 8 total DNSBL lists (max severity: HIGH)
Risk Score: 80/100 (High Risk classification)
Abuse Confidence: Present (multiple blacklist sources)
Not classified as Tor exit node, known attacker, spam source, or proxy

Network Services:

Port 22 (SSH): Open — Banner indicates OpenSSH_7.9p1 Raspbian
Port 3389 (RDP): Open — Remote Desktop Protocol listening
DNS: No PTR records, no reverse resolution confirmed
Email Authentication: SPF/DMARC not configured

Control Plane:

Operator Score: 0.1304 (Minimal)
DNSSEC: Valid
Route stability: Unstable (isRouteStable: false)
RPKI/IRR: No consistency data available

---

OBSERVATION HISTORY

Total Observations: 18
Recent Activity:

- June 23, 2026: High-severity blacklist listing detected (5/8 total lists)

- June 18, 2026: Prior high-severity listing observed

Threat Persistence: Single threat observation (0 days persistent)
Status: Not persistently malicious

Neighborhood Analysis (219.248.4.0/24):

Abuse Density: 1
Classification: Mostly clean
Threat siblings: 1 active threat IP identified

---

RELATIONSHIP MAPPING

19 relationships identified, all mapping to same network (broadNnet-KR)
No external organization, hostname, or certificate relationships detected
Correlation indicates network-based infrastructure

---

RECOMMENDED ACTIONS

Immediate (Critical):

1. Block traffic at perimeter firewall using provided rules

2. Increase logging verbosity for all traffic from this source

3. Review recent activity from 219.248.4.146 for malicious patterns

Firewall Rules Available:

iptables: `iptables -A INPUT -s 219.248.4.146 -j DROP`
nftables: `nft add rule inet filter input ip saddr 219.248.4.146 drop`
nginx: `deny 219.248.4.146;`
Cloudflare WAF: Block with expression `ip.src eq 219.248.4.146`
AWS WAF: Add 219.248.4.146/32 to block list

---

SOC ANALYST NOTES

SSH and RDP services are exposed to the internet; verify if legitimate use case exists
Multiple blacklist listings indicate prior abuse attempts or confirmed malicious activity
OpenSSH Raspbian banner suggests potential compromised Raspberry Pi device
Consider blocking entire /24 subnet (219.248.4.0/24) if broader infrastructure risk is confirmed
Monitor for additional IPs from ASN 9318 showing similar patterns

END BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇰🇷 South Korea
Region	Gyeonggi-do
City	Gimpo-si
Timezone	Asia/Seoul
Latitude	35.91
Longitude	127.77

🏢 Ownership & Registration

Organization	IP Manager
ASN	AS9318
Network Name	broadNnet-KR
CIDR Block	219.248.0.0/14
RIR	APNIC
Country	KR
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Multi-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2
3389	rdp	tcp	—
Closed Ports	25, 80, 443, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	13%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	24%	1	3
geolocation	21%	2	2
Overall	22%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:12 UTC
Last Seen	2026-06-26 14:31:36 UTC
Profile Built	2026-06-23 08:24:37 UTC
Data Freshness	Live
Signal Types	17
Total Observations	18

🔍 17 signal types · 18 observations collected

This report is generated from 17+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

219.248.4.146📋 Copy