IOC Radar
IPMediumSignal 31/100

211.188.54.49

Location
Korea, Republic ofKorea, Republic of
Naju, Gyeonggi-do
ASN
AS135354
NAVER Cloud Corp.
First Seen
Nov 18, 2024
Last Seen
Apr 7, 2026
Nov 18
First Seen
571d ago
Apr 7
Last Seen
65d ago
13
Reports
source reports
31%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

19 techniques

Network Information

CountryKRKorea, Republic of
RegionNaju, Gyeonggi-do
ASNAS135354
OrganizationNAVER Cloud Corp.

Feed Intelligence Summary

13 reports31% confidence
13
Source reports
31%
Confidence score
Category tags
abuseactive scanactive scanningasiaattackaustraliaauthentication attackauto-generated securityautomated attackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptcommand and controlcredential accesscredential stuffingctadata exfiltrationdata store exposuredecoy systemdistributed attacksexploitation activityidentity & access exploitationindicatorinjection activitykorea, republic ofmalicious activitymalicious softwaremalwarenetworknetwork securityoceaniapassword attacksprocess injectionreconnaissanceremote accessresearchedscannersouth koreassh attackt1055t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1486t1496t1499.002t1499.003t1565t1589t1589.002t1595.001t1595.002t1595.003threat actorthreat intelligencetor node

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
31
SIGNAL
Signal Score
31%
Confidence
13
Reports
First seenNov 18, 2024
Last seenApr 7, 2026
GeolocationKR
CountryKorea, Republic of
LocationNaju, Gyeonggi-do
ASNAS135354
OrgNAVER Cloud Corp.
Coords35.0185, 126.7950

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 211.188.32.0 - 211.188.63.255 netname: NBP-NET descr: NAVER Cloud Corp. country: KR admin-c: IM681-AP tech-c: IM681-AP status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2021-03-16T00:14:46Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 6 country: KR phone: +82-31-1588-3820 e-mail: [email protected] nic-hdl: IM681-AP mnt-by: MNT-KRNIC-AP last-modified: 2024-11-05T00:12:09Z source: APNIC inetnum: 211.188.32.0 - 211.188.63.255 netname: NBP-NET-KR descr: NAVER Cloud Corp. country: KR admin-c: TS411-KR tech-c: TS411-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 6 address: ???????????????????? 4???? country: KR phone: +82-31-1588-3820 e-mail: [email protected] nic-hdl: TS411-KR mnt-by: MNT-KRNIC-AP remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 13 threat reports