IP · Medium · Signal 72/100
121.125.67.137
Location: Bupyeong-gu, 28
ASN: AS9318 (broadNnet)
First Seen: Aug 16, 2024
Last Seen: Jun 20, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 72%
Signal Score: 72 / 100
IDS Rule: No
Network Information
Country: Korea, Republic of
Region: Bupyeong-gu, 28
ASN: AS9318
Organization: broadNnet
Feed Intelligence Summary
Source reports: 29
Confidence score: 72%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 72 (High Risk)
Coords: 37.5488, 126.6578
VirusTotal: Not checked
WHOIS
- description
- Score: 76/100 | Detector: threat_feed | Label: compromised_host | Tags: compromised_host, reported_abuse, compromised
- raw
- inetnum: 121.124.0.0 - 121.125.255.255
  netname: broadNnet
  descr: SK Broadband Co Ltd
  admin-c: IM670-AP
  tech-c: IM670-AP
  country: KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  last-modified: 2017-02-03T00:38:18Z
  source: APNIC

  irt: IRT-KRNIC-KR
  address: 9, Jinheung-gil, Naju-si, Jeollanam-do
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: IM574-AP
  tech-c: IM574-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2020-04-09
  mnt-by: MNT-KRNIC-AP
  last-modified: 2025-04-10T04:49:23Z
  source: APNIC

  person: IP Manager
  address: Seoul Jung-gu Toegye-ro 24
  country: KR
  phone: +82-80-828-2106
  e-mail: [email protected]
  nic-hdl: IM670-AP
  mnt-by: MNT-KRNIC-AP
  last-modified: 2021-10-05T05:20:03Z
  source: APNIC

  inetnum: 121.124.0.0 - 121.125.255.255
  netname: broadNnet-KR
  descr: SK Broadband Co Ltd
  country: KR
  admin-c: IM12-KR
  tech-c: IM12-KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC

  person: IP Manager
  address: Seoul Jung-gu Toegye-ro 24
  address: SK Namsan Green Bldg.
  country: KR
  phone: +82-80-828-2106
  e-mail: [email protected]
  nic-hdl: IM12-KR
  mnt-by: MNT-KRNIC-AP
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC
- references
- https://redpiranha.net, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 1 year ago · Last seen 7 days ago
Appeared in 29 threat reports