IPMediumSignal 73/100
112.161.26.125
Location
Korea, Republic ofGoyang-si, Gyeonggi-do
ASN
AS4766
Korea Telecom
First Seen
Jan 6, 2025
Last Seen
Jun 13, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryKorea, Republic of
Korea, Republic ofRegionGoyang-si, Gyeonggi-do
ASNAS4766
OrganizationKorea Telecom
IP Category
⊕
VPN
VPN exit node
Feed Intelligence Summary
29 reports73% confidence
29
Source reports
73%
Confidence score
Category tags
abuseaccess controlaccount compromiseaccount discoveryaccount enumerationaccount profilingaccount takeoveraccount takeover attemptaccount-compromiseactive scanactive scanningactive-attackadresse ipaptasiaattackattack origin: malaysiaattack source ipattack-attemptattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attemptsauthentication bypassauthentication-failureautomated threatautomated-attackazure adbad reputationbad web botbankingbelgiumbelgium ip addressesblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute force attemptsbrute force ipsbrute-forcebrute-force attackbruteforcec2 communicationc2 serverchinacloud environmentcloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncode-injectioncommand & controlcommand and controlcommand executioncommunication protocolcompromised credentialscompromised hostcompromised hostscompromised ip addresscowriecowrie honeypotcredential accesscredential access attemptcredential brute forcecredential compromisecredential harvestingcredential stuffingcredential-accesscredential-dumpingcredential-harvestingcredential-stuffingcredit card servicesctadata exfiltrationdata store exposuredata theftdatabase securityddosddos attackdecoy systemdenial of servicedictionary attackdigital oceandistributed attacksemailemail-protocolemerging threatsenv-huntingeuropeexploitation activityexploited hostexternal attackfail2ban triggerfinancefinancial servicesfinancial technologyfinlandfinland activityfnt-secure-sentinelfnt-sentinelfrancefraud ordersftpftp brute forceftp brute-forcegermanyhackinghoneynet connecthttp brute forcehttp scannerhttp scanninghttpsidentity & access exploitationimapimap attackimap brute forceindicatorinfrastructure acquisitionreconnaissanceinitial accessinitial-accessinjection activityinjection attacksinternet facing assetintrusion detectioniocipv4ipv4 indicatorskorea (the republic of)korea, republic ofkrlateral movementlcialogin attacklogin attemptlogin attemptslogin-attackmalaysiamalicious activitymalicious activity detectedmalicious ipsmalicious probemalicious softwaremalicious-ipmalwaremalware distributionmanualmicrosoft entra idmultiple accounts targetedmultiple usersmultiple users affectednetworknetwork attacksnetwork brute forcenetwork discoverynetwork enumerationnetwork intrusionnetwork probingnetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-protocolnginxnorth americaoceaniaos credential dumpingpassword attackpassword attackspassword crackingpassword sprayingpassword-attackpayment processingphishingphishing attackpolandpop3 brute forceport-scanningpotential-atoprocess injectionprotocol exploitationransomwarereconnaissanceremote accessremote access attemptremote servicesresearchedresource hijackingsaslsasl authentication attacksasl brute forcescams & fraudscannerscanner ipscannersscanning activityscanning ipsscripting attackssecurity operationssecurity policyservice scansftp attacksingaporesmb brute forcesmtpsmtp attackersmtp brute forcesmtp-attacksocial engineeringsouth koreaspamsql-injectionsshssh attackssh monitoringssh-brutet-pott1016t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1486t1496t1499.001t1499.002t1499.003t1550.002t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1573t1573.001t1587.001t1588t1588.004t1589t1589.002t1590t1590.001t1592t1595t1595.001t1595.002t1595.003t1598t1598.003targeting databasetcp brute forcetcp protocoltcp protocol attacktcp scantelnet threatthreat actorthreat intelligencethreat preventionthreat-intelligencetor nodetpotturkeyudp scanunauthorized accessunauthorized access attemptunauthorized login attemptsunited kingdomunited statesunknown threat actorvoidtrapvpnvpn ipvulnerability scanvulnerability-scanningwealth managementweb app attackweb application attackweb attackweb crawlerweb crawlingweb exploitationweb spamweb trafficweb-application-attack
Activity Timeline
Jun 13Jun 13
Threat Activity Heatmap
· Peak: 2026-06-13LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
73
SIGNAL
Signal Score
73%
Confidence
29
Reports
First seenJan 6, 2025
Last seenJun 13, 2026
GeolocationKR
CountryKorea, Republic of
LocationGoyang-si, Gyeonggi-do
ASNAS4766
OrgKorea Telecom
Coords37.3644, 127.1160
VPN
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
- raw
- inetnum: 112.160.0.0 - 112.191.255.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-03T02:21:58Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 112.160.0.0 - 112.191.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 10 days ago
Appeared in 29 threat reports