Is IP address 221.139.88.149 dangerous?

Yes, 221.139.88.149 is considered dangerous with a threat level of 10/10. It has been reported 168 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 221.139.88.149?

IP address 221.139.88.149 is operated by SK Broadband Co Ltd (ASN 9318) and is geolocated to KR. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 221.139.88.149?

Yes, blocking 221.139.88.149 is strongly recommended. With a threat level of 10/10 and 168 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 221.139.88.149?

Our threat assessment for 221.139.88.149 has a confidence score of 100%, based on 168 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

221.139.88.149

IPv4 Public

AS9318

SK Broadband Co Ltd

168 Reports

KR Location

SK Broadband Co Ltd ASN 9318

168 Reports

Honeypot Data Source

Severe Risk

IP 221.139.88.149 is a critical-risk address originating from South Korea that has been flagged in 168 abuse reports for sustained SSH brute-force attacks and broader intrusion activity, with honeypot sensors confirming repeated exploitation attempts against SSH services. The volume of reporting, maximum threat score and detection across multiple automated sensors collectively paint a picture of persistent credential-attack infrastructure rather than opportunistic scanning.

Network intelligence places this IP within AS9318, operated by SK Broadband Co Ltd in South Korea, with activity documented between February 2026 and May 2026. The 168 total reports break down across three primary categories: SSH brute-force attempts (20 reports), general hacking/intrusion activity (19 reports), and exploited-host behaviour (9 reports). Activity frequency of 8/10 indicates ongoing, sustained offensive operations rather than isolated burst activity, and the 20 distinct honeypot sources confirm distributed detection across sensor networks. The coexistence of exploited-host tags alongside active attack signatures suggests this address may be running attack tooling while simultaneously showing indicators of compromise itself.

SSH brute-force attacks remain one of the most common initial-access vectors for server compromise. Automated tools cycle through username/password combinations against exposed SSH daemons, exploiting weak or default credentials to gain shell access. Once inside, attackers deploy cryptocurrency miners, ransomware, or pivot deeper into networks. The "exploited" designation on several Suricata alerts associated with this IP suggests that whatever SSH service it contacted was itself already compromised, indicating either a chained botnet node or a compromised residential connection being weaponised without the owner's knowledge.

Site operators exposing SSH to the internet should immediately block this IP at the firewall level and implement key-based authentication to eliminate password-based login entirely. Adjusting the default SSH port reduces automated scanning exposure, while tools such as fail2ban can dynamically ban repeat offenders after a configurable violation threshold. Enabling intrusion-detection monitoring and reviewing authentication logs for any matching attempts during the February–May 2026 window will help determine whether any probing succeeded.

More threatening than 100% of monitored IPs

Threat Categories

SSH 30

Hacking 27

Exploited Host 13

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 1 week indicates persistent threat actor operations.

First Observed 10. May 2026

Last Activity 19. May 2026

Recent (7 days) 0 incidents

Moderate Network Risk

The network hosting this IP (ASN 9318, operated by SK Broadband Co Ltd) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Long-term blocking recommended.

Reputation Summary

Threat Level 10/10 Critical

Critical

Activity Frequency 8/10 High

Confidence Score 95% Verified

Confidence History

7. May 2026 - 19. May 2026

100% Current

Stable Trend

Date	Categories	Source	Confidence
19. May 2026	Hacking Exploited Host SSH	Honeypot x3	75%
19. May 2026	Hacking SSH	Honeypot x2	75%
18. May 2026	Hacking SSH	Honeypot x2	75%
18. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
18. May 2026	SSH	Honeypot	75%
18. May 2026	Hacking SSH	Honeypot x2	75%
17. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
17. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
16. May 2026	Hacking SSH	Honeypot x2	75%
16. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
15. May 2026	Hacking SSH	Honeypot x2	75%
15. May 2026	Hacking Exploited Host SSH	Honeypot x3	75%
14. May 2026	Hacking SSH	Honeypot x2	75%
14. May 2026	Hacking SSH	Honeypot x2	75%
13. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
13. May 2026	Hacking SSH	Honeypot x2	75%
12. May 2026	SSH Hacking Exploited Host	Honeypot x3	75%
12. May 2026	Hacking SSH	Honeypot x2	75%
11. May 2026	Hacking Exploited Host SSH	Honeypot x3	75%
11. May 2026	Hacking SSH	Honeypot x2	75%
11. May 2026	SSH	Honeypot	75%
10. May 2026	Hacking SSH	Honeypot x2	75%
10. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
9. May 2026	Hacking SSH	Honeypot x2	75%
9. May 2026	SSH	Honeypot	75%
9. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%
8. May 2026	Hacking Exploited Host SSH	Honeypot x3	75%
8. May 2026	Hacking SSH	Honeypot x2	75%
8. May 2026	Hacking SSH	Honeypot x2	75%
7. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%

Basic Information

IP Address: 221.139.88.149
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class C

Geolocation

Country: KR
ASN: AS9318
ISP: SK Broadband Co Ltd

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 168
First Reported: 21 Feb 2026
Last Reported: 19 May 2026, 21:55

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS9318

Organization: SK Broadband Co Ltd

Country:

Network Threat Assessment

5/10

This network has low threat indicators with minimal suspicious activity.

Network Statistics

206

Total IPs Monitored

3,329

Total Reports

16.2

Reports per IP

Network Context

This IP address belongs to SK Broadband Co Ltd (AS9318), which manages 206 IP addresses in our monitoring system. Out of these, 3,329 have been reported for suspicious activities, resulting in a network-wide threat level of 5/10.

Network notice: This network shows some suspicious activity patterns. Monitor interactions with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

100 %

Global Threat Ranking

This IP is more threatening than 100% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 198,690 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++

Total Reports 168 avg: 23 ++

Network Comparison

Compared against 224 IPs in ASN 9318

Threat Level 10/10 network avg: 5.5 ++

Total Reports 168 network avg: 17 ++

Network SK Broadband Co Ltd has overall threat level 5/10

Geographic Comparison

Compared against 2,284 IPs in KR

Threat Level 10/10 country avg: 5.3 ++

Total Reports 168 country avg: 19 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 18 May 2026 4 reports

Daily Average 0.8 reports/day

Most Active Wednesday 33 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

SSH 164

Hacking 95

Exploited Host 41

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 03:00 with 11 reports

Weekly Activity

Geographic Threat Distribution

186,446 threat incidents tracked globally • Last 24h: 18,633 Logs

FEED

Top Threat Sources

01

United States US

38,320 20.6%
02

India IN

28,851 15.5%
03

China CN

25,960 13.9%
04

Brazil BR

10,202 5.5%
05

Germany DE

7,128 3.8%
06

Singapore SG

6,451 3.5%
07

Indonesia ID

5,496 2.9%
08

Russia RU

4,690 2.5%
09

Pakistan PK

4,632 2.5%
10

Netherlands NL

4,350 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

9.7/10 Avg Threat

97% Avg Confidence

20 High Threat

High-risk network: Majority of related IPs are flagged

Severe Risk

Threat Categories

Technical Details

Recommended Mitigations

Behavioral Analysis

Moderate Network Risk

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]