IOC Radar
IPHighVerifiedSignal 84/100

175.200.104.40

Location
Korea, Republic ofKorea, Republic of
Changwon, 48
ASN
AS4766
Kornet
First Seen
Oct 28, 2025
Last Seen
Jun 12, 2026
Oct 28
First Seen
227d ago
Jun 12
Last Seen
today
32
Reports
source reports
92%
Confidence
high
Found in 32 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
92%
Signal Score
84 / 100
IDS Rule
Yes
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

49 techniques

Network Information

CountryKRKorea, Republic of
RegionChangwon, 48
ASNAS4766
OrganizationKornet

IP Category

VPN
VPN exit node

Feed Intelligence Summary

32 reports92% confidence
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5628 indicators)
5146 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5562 indicators)
5082 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (5555 indicators)
5077 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (6250 indicators)
5768 IOCs in report
AT
Abuse.ch ThreatFox
Today
Abuse.ch ThreatFox (6239 indicators)
5766 IOCs in report

Activity Timeline

5 total obs
Jun 12Jun 12

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
5
Moderate
7d
5
Moderate
30d
5
Moderate
3mo
5
Moderate
Threat ScoreHigh Risk
84
SIGNAL
Signal Score
92%
Confidence
32
Reports
First seenOct 28, 2025
Last seenJun 12, 2026
Verified IOC
GeolocationKR
CountryKorea, Republic of
LocationChangwon, 48
ASNAS4766
OrgKornet
Coords34.8341, 127.8917
VPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 175.192.0.0 - 175.207.255.255 netname: KORNET descr: Korea Telecom country: KR admin-c: IM667-AP tech-c: IM667-AP status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2025-11-03T08:14:04Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-09-04T01:00:01Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 175.192.0.0 - 175.207.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
https://purplesynapz.com/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-24/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-13/, https://github.com/telekom-security/tpotce, https://voidvendor.com/intel, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-01/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-26/, https://www.linkedin.com/posts/starlightintel_starlight-cti-activity-7390040954386280449-QTB6?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 7 months ago · Last seen today
Appeared in 32 threat reports from 5 sources