# IP Intelligence Briefing: 221.162.0.119/32
## Executive Summary
IP address 221.162.0.119 is classified as High Risk (risk score: 80/100) with a mobile carrier assignment. The address shows evidence of blacklist presence and should be treated as potentially malicious.
## Ownership & Geolocation
- ASN: 4766 (IP Manager)
- Organization: IP Manager
- Country: Korea (KR)
- City: Seogwipo
- Mobile Carrier: KT Corporation (MCC: 450, MNC: 08)
- Connection Type: Mobile LTE/5G
## Network Classification
- Status: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: Not present
- DNS: No PTR records, no forward resolution
- BGP Prefix: 221.160.0.0/13
- Route Stability: Unstable (false)
## Threat Indicators
- DNSBL Listings: 4 out of 8 total lists
- Known Attacker: No confirmed indicators
- Tor Exit Node: No
- Spam Source: Not identified
- Abuse Confidence: Data available via RDAP
## Historical Activity
- Observations: 15 signal observations recorded
- Notable Event: On 2026-06-21, the IP appeared in 4 blacklist listings with high severity ratings
- Geolocation: Consistently resolved to Korea (KR) with multi-signal inference
- Persistence: No persistent malicious activity pattern detected
## Neighborhood Analysis
- Subnet: 221.162.0.119/24
- Abuse Density: 0
- Threat Siblings: 0
- Active Siblings: 0
- Risk Distribution: No high-risk neighbors identified
## Related Entities
- Network Relationships: 17 relationships mapped to KORNET-KR network
- Network Type: Same Network (KORNET-KR)
## Recommended Actions
1. Block at perimeter: Implement DROP rule for inbound traffic from 221.162.0.119/32
2. Monitor egress: Alert on outbound connections to this address
3. Log analysis: Review firewall logs for any prior communication
4. WAF configuration: Add to blocklist in Cloudflare/AWS WAF if applicable
## Risk Assessment
The IP demonstrates elevated risk characteristics primarily due to blacklist presence. Despite being classified as "High Risk," the surrounding subnet shows minimal abuse activity. The mobile carrier assignment and lack of open services suggest this may be a compromised mobile device or residential proxy endpoint.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 23% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 17% | 9 | 11 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:13 UTC |
| Last Seen | 2026-06-25 14:02:25 UTC |
| Profile Built | 2026-06-23 08:47:58 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 16 |