IP · Medium · Signal 48/100
175.202.82.16
Location
Jeonju, 45
ASN
AS4766
Kornet
First Seen
Jan 6, 2024
Last Seen
Jun 21, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Network Information
Country
Korea, Republic of
Region: Jeonju, 45
ASN: AS4766
Organization: Kornet
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports: 25
Confidence score: 48%
Category tags
abuse; abuseipdb; access control; active scan; active scanning; asia; atif feed; attack; auto-generated security; bad reputation; banlist feed; binary defense; blacklist ip check; botnet; botnet activity; brute force; brute force attack; command and control; command execution; communication protocol; cowrie honeypot; credential access; credential harvesting; credential stuffing; cta; data encryption; data exfiltration; data exfiltration attempts; data store exposure; database attacks; database security; decoy system; dhcp; dhcp attack; dionaea honeypot; distributed attacks; elasticpot honeypot; elasticsearch; elasticsearch attack; elasticsearch monitoring; encryption; exploitation activity; exploitation attempt; exploitation attempts; ftp; ftp brute force; identity & access exploitation; imap; imap attack; indicator; information gathering; information technology; infrastructure acquisitionreconnaissance; injection activity; iot security; it infrastructure; korea (the republic of); korea, republic of; kr; lateral movement; ldap; ldap attack; malicious activity; malicious software; malware; malware behaviour; malware capture; malware deployment attempts; manual; memcached attack; mssql; mssql attack; network; network monitoring; network protocol; network scanning; network security; ntp; ntp amplification; oracle; oracle attack; password attacks; phishing; phishing attack; postgresql attack; potential botnet activity; process injection; protocol exploitation; proxy; reconnaissance; remote access; remote services; researched; resource hijacking; scan; scanner; scanning activity; security policy; sentrypeer botnet; server exploitation; sftp access attempt; sftp attack; sip brute force; smb scanning; smtp; smtp attacker; social engineering; socks5; socks5 proxy activity; software development; south korea; sql injection; ssh attack; ssh monitoring; t1021; t1021.001; t1021.002; t1040; t1041; t1055; t1059; t1059.003; t1059.005; t1071.001; t1077; t1078; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1190; t1204.002; t1486; t1496; t1499.001; t1499.002; t1499.003; t1505.004; t1565; t1566.001; t1566.002; t1566.003; t1583; t1587.001; t1590.001; t1595; t1595.001; t1595.002; t1595.003; tanner; targeting database; tcp/22; telecommunications; telnet threat; threat actor; threat intelligence; threat prevention; tor node; vnc protocol; voip; voip attack
Activity Timeline: Jun 21
Threat Activity Heatmap (peak: 2026-06-21)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 48
Confidence: 48%
Reports: 25
First seen: Jan 6, 2024
Last seen: Jun 21, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Jeonju, 45
ASN: AS4766
Org: Kornet
Coords: 35.8216, 127.4118
Proxy
VirusTotal: Not checked
WHOIS
- description
- 2025-04-03T10:36:11.123Z Honeypot : Heralding : Source: 175.202.82.16 : Username/Password: [email protected]/Labeehive@123 Port: 465 Message: 2025-04-03 10:36:11.123008,20da9687-19d1-49bb-afa1-9f16f145b523,624969f7-5c03-43b5-91a3-07df8a75b6f0,175.202.82.16,43702,99.18.26.18,465,smtps,[email protected],Labeehive@123,
- references
- https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
Medium · First detected 2 years ago · Last seen 6 days ago
Appeared in 25 threat reports