IOC Radar
IP · Medium · Signal 100/100

1.201.136.217

Location
South Korea
Gangnam-gu, Seoul
ASN
AS9286
Kinxinc
First Seen
Nov 21, 2024
Last Seen
Jan 23, 2026
First Seen: Nov 21 (566d ago)
Last Seen: Jan 23 (138d ago)
Reports: 17 source reports
Confidence: 99% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

Country: KR (South Korea)
Region: Gangnam-gu, Seoul
ASN: AS9286
Organization: Kinxinc

Feed Intelligence Summary

17 source reports · 99% confidence score
Category tags
abuse · active scanning · asia · atif feed · attack · auto-generated security · banlist feed · binary defense · botnet · brute force · brute force attack · command and control · credential access · credential harvesting · credential stuffing · credentialaccess · cta · data exfiltration · distributed attacks · email · emailattack · hacking · honeytrap honeypot · imap · imap attack · indicator · information gathering · infrastructure acquisition · reconnaissance · korea (the republic of) · korea, republic of · kr · lamp · login attempts · mailoney honeypot · malicious activity · malicious software · malware · manual · network · network reconnaissance · network scanning · network traffic analysis · password attacks · phishing · phishing attack · phishing trap · potential malware distribution · process injection · reconnaissance · researched · scanner · smtp · social engineering · south korea · ssh attack · surface web · t1055 · t1059 · t1059.004 · t1071.001 · t1078 · t1078.004 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1190 · t1486 · t1496 · t1499.002 · t1499.003 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1566.004 · t1583 · t1587.001 · t1589 · t1590.001 · t1595 · t1595.001 · t1595.002 · t1595.003 · threat actor · threat detection

Activity Timeline

1 total observation (Jan 23 to Jan 23)

Threat Activity Heatmap

[Heatmap: weekly observations, Jun to Jun, rows Mon / Wed / Fri] · Peak: 2026-01-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 17
First seen: Nov 21, 2024
Last seen: Jan 23, 2026
Geolocation: KR
Country: South Korea
Location: Gangnam-gu, Seoul
ASN: AS9286
Org: Kinxinc
Coords: 37.4886, 127.0520

VirusTotal

Not checked

WHOIS

description
2025-02-04T11:59:15.000Z Honeypot : Mailoney : Source: 1.201.136.217 : Port: 25 : Data: EHLO louisianamedical.tech
raw
inetnum:        1.201.0.0 - 1.201.255.255
netname:        KINXINC
descr:          KINX
country:        KR
admin-c:        IM405-AP
tech-c:         IM405-AP
status:         ALLOCATED PORTABLE
mnt-by:         MNT-KRNIC-AP
mnt-irt:        IRT-KRNIC-KR
last-modified:  2024-09-25T01:54:02Z
source:         APNIC

irt:            IRT-KRNIC-KR
address:        9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail:         [email protected]
abuse-mailbox:  [email protected]
admin-c:        IM574-AP
tech-c:         IM574-AP
auth:           # Filtered
remarks:        [email protected] was validated on 2020-04-09
mnt-by:         MNT-KRNIC-AP
last-modified:  2025-09-04T01:00:01Z
source:         APNIC

person:         IP Manager
address:        Seoul Gangnam-gu Eonju-ro 30-gil 13
country:        KR
phone:          +82-2-580-4600
e-mail:         [email protected]
nic-hdl:        IM405-AP
mnt-by:         MNT-KRNIC-AP
last-modified:  2017-10-10T00:50:41Z
source:         APNIC

inetnum:        1.201.0.0 - 1.201.255.255
netname:        KINXINC-KR
descr:          KINX
country:        KR
admin-c:        MI443-KR
tech-c:         MI443-KR
status:         ALLOCATED PORTABLE
mnt-by:         MNT-KRNIC-AP
mnt-irt:        IRT-KRNIC-KR
changed:        [email protected] 20240912
remarks:        This information has been partially mirrored by APNIC from
remarks:        KRNIC. To obtain more specific information, please use the
remarks:        KRNIC whois server at whois.kisa.or.kr.
source:         KRNIC

person:         IP Manager
address:        Seoul Gangnam-gu Eonju-ro 30-gil 13
address:        13, Daelim Acrotel
country:        KR
phone:          +82-2-580-4600
e-mail:         [email protected]
nic-hdl:        MI443-KR
mnt-by:         MNT-KRNIC-AP
changed:        [email protected] 20240912
remarks:        This information has been partially mirrored by APNIC from
remarks:        KRNIC. To obtain more specific information, please use the
remarks:        KRNIC whois server at whois.kisa.or.kr.
source:         KRNIC
references
https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 17 threat reports