IOC Radar
IP · Medium · Signal 61/100

112.216.129.27

Location
Korea, Republic of
Mapo-gu, Seoul
ASN
AS3786
Boranet
First Seen
Jun 30, 2024
Last Seen
Jun 6, 2026
Reports: 28 (source reports)
Confidence: 61% (medium)
Found in 28 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

71 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Mapo-gu, Seoul
ASN: AS3786
Organization: Boranet

IP Category

Proxy
Proxy server

Feed Intelligence Summary

28 reports, 61% confidence
Category tags

Activity Timeline

1 total observation (Jun 6)

Threat Activity Heatmap

[Heatmap: monthly columns Jun through the following Jun, rows Mon / Wed / Fri] · Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal: 61
Signal Score: 61%
Confidence: 28 reports
First seen: Jun 30, 2024
Last seen: Jun 6, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Mapo-gu, Seoul
ASN: AS3786
Org: Boranet
Coords: 37.5663, 126.9772
Category: Proxy

VirusTotal

Not checked

WHOIS

Description: Banned by Fail2Ban [sshd]

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 5 days ago
Appeared in 28 threat reports