IOC Radar
IP · Medium · Signal 71/100

119.68.90.101

Location: Yongsan-dong, Seoul, Korea, Republic of
ASN: AS17858 (Xpeed)
First Seen: Jan 28, 2025 (499d ago)
Last Seen: Feb 13, 2026 (117d ago)
Reports: 14 source reports
Confidence: 71% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

24 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Yongsan-dong, Seoul
ASN: AS17858
Organization: Xpeed

Feed Intelligence Summary

Source reports: 14
Confidence score: 71%
Category tags: abuse; access control; active scanning; asia; attack; botnet; brute force; brute force attack; command and control; cowrie; cowrie honeypot; cowrie honeypot data; credential access; credential stuffing; data exfiltration; decoy system; distributed attacks; europe; ftp brute force; github; indicator; intrusion detection; korea (the republic of); korea, republic of; kr; malicious activity; malicious software; malware; mysql; network; network intrusion; network probing; network scanning; network security; network service scanning; nginx; password attacks; process injection; python; reconnaissance; researched; scanner; security policy; server; sftp; sftp attack; sftp exploit attempt; slug; south korea; ssh; ssh attack; ssh monitoring; surface web; t1021; t1021.004; t1040; t1041; t1055; t1059; t1071.001; t1078; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1190; t1486; t1496; t1499.001; t1499.002; t1499.003; t1565; t1595; t1595.001; t1595.002; t1595.003; threat actor; threat intelligence; threat prevention; unauthorized access attempt; unauthorized login attempts; united kingdom

Activity Timeline

1 total observation (Feb 13)

Threat Activity Heatmap

Peak: 2026-02-13
Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 71
Confidence: 71%
Reports: 14
First seen: Jan 28, 2025
Last seen: Feb 13, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Yongsan-dong, Seoul
ASN: AS17858
Org: Xpeed
Coords: 37.5112, 126.9741

VirusTotal

Not checked

WHOIS

description
2025-02-19T18:39:37.180Z Honeypot : Cowrie : Source: 119.68.90.101 Data: Remote SSH version: SSH-2.0-libssh2_1.11.0
raw
inetnum: 119.64.0.0 - 119.71.255.255
netname: Xpeed
descr: LG POWERCOMM
admin-c: IM669-AP
tech-c: IM669-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-02-02T01:32:06Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-04-10T04:49:23Z
source: APNIC

person: IP Manager
address: Hangang-daero Yongsan-gu Seoul
country: KR
phone: +82-2-1-01
e-mail: [email protected]
nic-hdl: IM669-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-08-07T01:06:20Z
source: APNIC

route: 119.64.0.0/13
descr: Xpeed
origin: AS17858
mnt-by: MNT-KRNIC-AP
last-modified: 2019-09-25T00:46:53Z
source: APNIC

inetnum: 119.64.0.0 - 119.71.255.255
netname: Xpeed-KR
descr: LG POWERCOMM
country: KR
admin-c: IA469-KR
tech-c: IM469-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Hangang-daero Yongsan-gu Seoul
address: 32 LGUPLUS
country: KR
phone: +82-2-1-01
e-mail: [email protected]
nic-hdl: IA469-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Hangang-daero Yongsan-gu Seoul
address: 32 LGUPLUS
country: KR
phone: +82-2-1-01
e-mail: [email protected]
nic-hdl: IM469-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net


IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 14 threat reports