IOC Radar
IPMediumSignal 75/100

210.217.120.236

Location
Korea, Republic ofKorea, Republic of
Gyeongsan-si, Gyeonggi-do
ASN
AS4766
Kornet
First Seen
Jul 15, 2025
Last Seen
Nov 13, 2025
Jul 15
First Seen
330d ago
Nov 13
Last Seen
209d ago
10
Reports
source reports
75%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

75 techniques

Network Information

CountryKRKorea, Republic of
RegionGyeongsan-si, Gyeonggi-do
ASNAS4766
OrganizationKornet

IP Category

Proxy
Proxy server

Feed Intelligence Summary

10 reports75% confidence
10
Source reports
75%
Confidence score
Category tags
abuseactive scanningadbhoney honeypotanomalous network connectionsasiaattackaustraliaauthentication attacksblock listblock.txtbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsc2c2 communicationchina mobilecode executioncolumnscommand and controlcommand executioncommand injection attemptcommunication protocolcompany limitedcompromised systemsconpot honeypotcowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute-forcingcredential stuffingcurldaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcddosddos attackddos probeddospotdecoy systemdenial of servicedenial-of-service attemptdionaea activitydionaea honeypotdionaea interactionsdionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdockerelasticpot honeypotelasticsearchelasticsearch monitoringenumerationeuropeexfiltrationexploitexploit attemptexploit attemptsexploit probingexploit targetingexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfinlandfranceftpftp attackftp attacksftp brute forcegalahgermanygluttongopothackinghellpothk abusehandlerhoneynet connecthoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttpshurricane usicmpics securityimapindicatorindustrial control systemsinformation gatheringinitial accessintrusion detectioniociot/ics attackipphoney honeypotkibanakorea, republic oflateral movementlog4potlogin attemptmailoney activitymailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious file transfermalicious ip activitymalicious network activitymalicious softwaremalicious trafficmalwaremalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmalware downloadmalware propagationmedpotmssqlnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork traffic analysisnorth americaoceaniap0fp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpgp signphishing attackphishing trappolandpossible botnet activitypossible malware distributionprocess injectionprotocol exploitationproxyproxy accessransomwarereconnaissancereconnaissance activityredis honeypotremote accessremote access attackremote servicesresearchedresource hijackingscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationshell accessshell access attemptsip attackssippsmb brute forcesmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresoftware exploitationsouth koreasql injectionsql injection attemptssh attackssh attacksssh monitoringsuricata alertsuricata alertssystem disruptiont-pott1005t1016t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1195t1203t1204.002t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1572t1583t1588t1588.002t1588.006t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner interactionstcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencetimeouttop10.txttopips.txttpotudp scanunauthorized accessunauthorized access attemptunauthorized login attemptunited statesus abuseus nonevnc protocolvoipvoip attackvulnerability scanweb application attacksweb attackweb exploitationweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb trafficwgetwordpot

Activity Timeline

1 total obs
Nov 13Nov 13

Threat Activity Heatmap

· Peak: 2025-11-13
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
75
SIGNAL
Signal Score
75%
Confidence
10
Reports
First seenJul 15, 2025
Last seenNov 13, 2025
GeolocationKR
CountryKorea, Republic of
LocationGyeongsan-si, Gyeonggi-do
ASNAS4766
OrgKornet
Coords37.4206, 127.1267
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
raw
inetnum: 210.217.0.0 - 210.217.127.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-06T01:30:09Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 210.217.0.0 - 210.217.127.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 6 months ago
Appeared in 10 threat reports