IOC Radar
IPMediumSignal 35/100

122.39.190.200

Location
Korea, Republic ofKorea, Republic of
Suwon, 11
ASN
AS17858
Xpeed
First Seen
Nov 14, 2023
Last Seen
Apr 20, 2026
Nov 14
First Seen
958d ago
Apr 20
Last Seen
69d ago
9
Reports
source reports
35%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
35%
Signal Score
35 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

41 techniques

Network Information

CountryKRKorea, Republic of
RegionSuwon, 11
ASNAS17858
OrganizationXpeed

Feed Intelligence Summary

9 reports35% confidence
9
Source reports
35%
Confidence score
Category tags
accessactive scanactive scanningadbhoney honeypotadbhoney related activityapiasiaattackauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute force ftpbrute force sshcommand and controlcommentcommunication protocolconnectconpotconpot honeypotconpot ics attackscowriecowrie activitycowrie honeypotcowrie ssh logscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securitydecoy systemdionaeadionaea activitydionaea honeypotdionaea malware collectiondirectory traversaldistributed attacksemailexecutable fileexploit attemptexploit attemptsexploitation activityexploitation of vulnerabilityexploited hostfileftp brute forcegithubgroupshackingheralding activityheralding scan activityhoneytrap activityhoneytrap honeypothttpshunterics attackics securityidentity & access exploitationimagesindicatorindustrial control systemsinjection activityiot securityiot/ics attackkorea, republic ofkrlamplamp exploitation attemptsmailoney activitymailoney honeypotmalicious activitymalicious email activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningpassword attacksphishingphishing attackphishing trappngprocess injectionpythonreconnaissanceredis exploit attemptredis honeypotredishoneypotresearchedresource hijackingscannerscriptsentrypeer activitysentrypeer botnetsentrypeer exploitservice enumerationservice scansftpsftp activitysftp attacksftp attackssftp protocol abusesipsip brute forcesip scanningslugsocial engineeringsouth koreasshssh attackssh monitoringsurface webt1021t1021.001t1021.002t1021.004t1021.006t1021.007t1040t1041t1046t1055t1059t1059.004t1068t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204.002t1486t1496t1498t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1569t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreatthreat actorthreat detectionthreat intelligencetor nodeunauthorized access attemptuploadvalidatorvoipvoip attackvulnerability scanweb application attack

Activity Timeline

1 total obs
Apr 20Apr 20

Threat Activity Heatmap

· Peak: 2026-04-20
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
35
SIGNAL
Signal Score
35%
Confidence
9
Reports
First seenNov 14, 2023
Last seenApr 20, 2026
GeolocationKR
CountryKorea, Republic of
LocationSuwon, 11
ASNAS17858
OrgXpeed
Coords37.5180, 126.8673

VirusTotal

Not checked

WHOIS

description
2025-05-04T04:06:04.770Z Honeypot : Adbhoney : EventID/src_ip/src_url: adbhoney.session.connect122.39.190.200
raw
inetnum: 122.32.0.0 - 122.47.255.255 netname: Xpeed descr: LG POWERCOMM admin-c: IM669-AP tech-c: IM669-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-02T01:32:06Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Hangang-daero Yongsan-gu Seoul country: KR phone: +82-2-1-01 e-mail: [email protected] nic-hdl: IM669-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-08-07T01:06:20Z source: APNIC route: 122.32.0.0/12 origin: AS17858 descr: Xpeed mnt-by: MNT-KRNIC-AP last-modified: 2019-09-25T00:41:29Z source: APNIC inetnum: 122.32.0.0 - 122.47.255.255 netname: Xpeed-KR descr: LG POWERCOMM country: KR admin-c: IA469-KR tech-c: IM469-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Hangang-daero Yongsan-gu Seoul address: 32 LGUPLUS country: KR phone: +82-2-1-01 e-mail: [email protected] nic-hdl: IA469-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Hangang-daero Yongsan-gu Seoul address: 32 LGUPLUS country: KR phone: +82-2-1-01 e-mail: [email protected] nic-hdl: IM469-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 9 threat reports