IPMediumSignal 31/100
115.22.13.85
Location
Korea, Republic ofSuyeong-gu, 26
ASN
AS4766
Korea Telecom
First Seen
Jan 13, 2023
Last Seen
Apr 6, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryKorea, Republic of
Korea, Republic ofRegionSuyeong-gu, 26
ASNAS4766
OrganizationKorea Telecom
Feed Intelligence Summary
17 reports31% confidence
17
Source reports
31%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningadbhoney honeypotaerospace & defenseasiaattackauto-generated securityautomotive manufacturingbad reputationbotnetbotnet activitybrute forcebrute force attemptbrute force attemptscisco devicecisco exploitation attemptcisco exploitation attemptscivil servicescommand and controlcommunication protocolconpot honeypotcowrie honeypotcredential accesscredential harvestingcredential stuffingcyber securitydata exfiltrationdata store exposureddosddos attacksdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydevice managementdionaea honeypotdistributed attackselectronics manufacturingenterprise networkingexploitation activityftp brute forcegovernment technologyhoneytrap honeypotics securityidentity & access exploitationindicatorindustrial automationindustrial control systemsindustrial iotindustrial productioninfrastructure acquisitionreconnaissanceinjection activityinternet of thingsintrusion detectioniociot botnetiot securityiot/ics attackkorea, republic ofkrlamplateral movementloginmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemanualmanufacturing technologymilitary operationsmirai botnetnational securitynetworknetwork attacksnetwork infrastructurenetwork probingnetwork scanningnetwork securitynetwork service scanningnextraypassword attacksphishingphishing attackphishing trappotential malware deploymentprocess injectionprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlransomwarereconnaissanceregulatory agenciesresearchedscanscannersecurity operationssecurity policyself-signedservice scansftp activitysftp attacksmtp probingsocial engineeringsocradar honeypotsouth koreassh attackssh monitoringsupply chain attacksupply chain managementt1021t1021.002t1040t1041t1046t1053t1055t1059t1071.001t1078t1110t1110.002t1133t1187t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1590.001t1595t1595.001t1595.002t1595.003tannertcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetsec
Activity Timeline
Apr 6Apr 6
Threat Activity Heatmap
· Peak: 2026-04-06LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
31
SIGNAL
Signal Score
31%
Confidence
17
Reports
First seenJan 13, 2023
Last seenApr 6, 2026
GeolocationKR
CountryKorea, Republic of
LocationSuyeong-gu, 26
ASNAS4766
OrgKorea Telecom
Coords35.1003, 129.0442
VirusTotal
Not checked
WHOIS
- description
- 2025-01-21T21:15:17.918Z Honeypot : ConPot : Source: 115.22.13.85 : Port: 50100 Data Type: kamstrup_management_protocol Event Type: NEW_CONNECTION
- raw
- inetnum: 115.0.0.0 - 115.23.255.255 netname: KORNET descr: Korea Telecom country: KR admin-c: IM667-AP tech-c: IM667-AP status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2019-04-29T04:00:27Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 115.0.0.0 - 115.23.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
- references
- https://purplesynapz.com/, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 years ago · Last seen 2 months ago
Appeared in 17 threat reports