# IP Intelligence Briefing: 222.116.34.23/32
Classification: High Risk / Mobile Network Origin
Date: June 2026
Risk Score: 80/100
## Executive Summary
IP address 222.116.34.23 is a mobile network endpoint originating from South Korea (Jeju-do, Seogwipo-si) classified under ASN 4766 (IP Manager). The IP exhibits high-risk characteristics with active blacklist listings across 5-8 threat feeds. No active services are detected; the endpoint is firewalled with no open ports. Recommended action: Block at perimeter firewall with enhanced monitoring.
## Technical Profile
| Attribute | Value |
|---|---|
| **ASN** | 4766 (IP Manager) |
| **Organization** | IP Manager |
| **RIR** | APNIC |
| **Country** | South Korea (KR) |
| **Region/City** | Jeju-do, Seogwipo-si |
| **Mobile Carrier** | KT Corporation (MCC: 450, MNC: 08) |
| **Connection Tech** | LTE/5G |
| **Network Role** | Firewalled / No Services |
## Threat Indicators
- DNSBL Status: Listed on 5 of 8 total DNSBL feeds
- Risk Classification: High Risk (80/100)
- Abuse Confidence: Not quantified
- Campaign Association: No known campaign correlations
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
## Observation History
The IP has generated 17 intelligence observations with the following patterns:
- Recent Activity (June 2026): Multiple high-severity blacklist listings detected across 8 threat feeds
- Listings Count: 4-5 active listings per observation window
- Max Severity: High
- Confidence Level: 0.22-0.85
- Subnet Analysis: 222.116.34.0/24 classified as "mostly_clean" with 50% abuse density
- Threat Persistence: 0 days (transient observation)
## Network Neighborhood
- Subnet: 222.116.34.0/24
- Total Siblings: 2 IPs
- Active Siblings: 0
- Threat Siblings: 1
- Neighbor IP: 222.116.34.84 (Risk Score: 0, Authority Score: 50)
- Network Classification: KORNET-KR
## Network Relationships
All 15 relationship targets map to network entities under KORNET-KR designation, indicating regional network interconnection patterns consistent with the APNIC allocation.
## Service Analysis
- Open Ports: None detected
- TLS Certificates: None
- HTTP Services: None
- DNS Records: No forward or reverse resolution
- Email Authentication: No SPF, DMARC, or TXT records
## Recommended Security Actions
### Immediate Actions (Critical)
1. Block at Perimeter Firewall
   - `iptables -A INPUT -s 222.116.34.23 -j DROP`
   - `nft add rule inet filter input ip saddr 222.116.34.23 drop`
   - `deny 222.116.34.23;` (nginx)
2. Cloud Platform Integration
   - Cloudflare WAF: Block with expression `ip.src eq 222.116.34.23`
   - AWS WAF: Add IP to blocklist (CIDR: 222.116.34.23/32)
   - pfSense: Configure rule for 222.116.34.23/32
### Monitoring Recommendations
- Logging: Increase verbosity for traffic patterns from this IP
- Review: Analyze recent activity logs for any attempted connections
- Correlation: Monitor 222.116.34.84 (neighbor) for coordinated activity
## Intelligence Assessment
This IP represents a mobile network endpoint with elevated risk posture due to active blacklist presence across multiple threat feeds. The lack of open services suggests either legitimate mobile infrastructure or an endpoint configured to receive traffic only. The 50% abuse density in the /24 subnet indicates moderate risk context. Given the high risk score (80) and recent high-severity listings, defensive blocking is recommended pending further correlation with organization-specific threat intelligence.
---
*Report generated by IPDebrief Intelligence Platform. All data sourced from real-time threat intelligence feeds and network observations.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | IP Manager |
| ASN | AS4766 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | 2020-12-26T11:59:14+00:00 |
| Valid Until | 2045-12-27T11:59:14+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 9132 days |
| Serial Number | 079BBEA0 |
| Thumbprint | 6FEE19752F43E7BFC322282176C47B3EBD501391 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 9 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Mixed Signals (68%), 2 contradiction(s) |
| Attribution | Low (35%) |

- Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
- TLS certificate claims US but primary geo says KR
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:13 UTC |
| Last Seen | 2026-06-26 18:11:10 UTC |
| Profile Built | 2026-06-26 09:36:48 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |