IOC Radar
IP · Medium · Signal 52/100

211.51.230.208

Location: Korea, Republic of; Hampyeong-gun, 46
ASN: AS4766 (Kornet)
First Seen: Nov 19, 2024 (579d ago)
Last Seen: Jun 2, 2026 (19d ago)
Reports: 15 source reports
Confidence: 52% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 52%
Signal Score: 52 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

44 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Hampyeong-gun, 46
ASN: AS4766
Organization: Kornet

Feed Intelligence Summary

Source reports: 15
Confidence score: 52%
Category tags
abuse; access attempts; access control; account compromise; active scan; active scanning; apt; asia; attack; attack vectors; authentication; authentication attempt; automated attack; automated threat; bad reputation; botnet; botnet activity; botnet traffic; brute force; brute force attack; brute force attacker; brute force attacks; brute-force; c2; cisco device; cisco device attack; cisco exploitation attempt; cisco exploitation attempts; cloud infrastructure; cloud infrastructure attack; cloud services; command & control; command and control; communication protocol; communication technologies; compromised credentials; cowrie data; cowrie honeypot; credential access; credential attack; credential brute forcing; credential harvesting; credential stuffing; data exfiltration; data store exposure; ddos; ddos attack; decoy system; denial of service; device management; distributed attacks; enterprise networking; europe; exploit attempts; exploitation activity; exploited host; file; france; ftp; ftp brute force; generic threat actor; hacking; honeytrap honeypot; http brute force; http scanner; identity & access exploitation; indicator; initial access; injection activity; internet-wide monitoring; internet-wide scan; iot security; iot targeted; ipv4; korea (the republic of); korea, republic of; kr; lamp; lateral movement; linux systems; login attempt; mailoney honeypot; malicious activity; malicious file transfer; malicious ips; malicious sftp activity; malicious software; malicious ssh activity; malware; malware propagation; malware scanning; mobile carriers; mobile networks; network; network infrastructure; network probing; network scanning; network security; network service scanning; password attacks; phishing; phishing attack; phishing trap; ping of death; process injection; protocol exploitation; ransomware; reconnaissance; remote access; remote access attempt; remote services; researched; resource hijacking; scanner; scanners; security event; security operations; security policy; sentrypeer activity; sentrypeer botnet; service scan; sftp attack; sftp exploitation attempts; sip brute force; sip scanning; smtp; smtp brute force; social engineering; socradar honeypot; south korea; sql injection attempts; ssh attack; ssh monitoring; t1021; t1021.001; t1021.004; t1040; t1041; t1046; t1055; t1059; t1059.004; t1071; t1071.001; t1076; t1078; t1087; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1187; t1190; t1199; t1203; t1210; t1486; t1496; t1497; t1499.001; t1499.002; t1499.003; t1563; t1565; t1566.001; t1566.002; t1566.003; t1566.004; t1588; t1590; t1592; t1595; t1595.001; t1595.002; t1595.003; targeting database; telecom services; telecommunications; telnet threat; threat actor; threat detection; threat intelligence; threat prevention; tor node; unauthorized access attempt; unauthorized access attempts; voip; voip attack; web application attack; web exploitation; web servers; web traffic

Activity Timeline

1 total obs (Jun 2 to Jun 2)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through the following Jun; scale Less to More] Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 15
First seen: Nov 19, 2024
Last seen: Jun 2, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Hampyeong-gun, 46
ASN: AS4766
Org: Kornet
Coords: 34.9460, 127.7005

VirusTotal

Not checked

WHOIS

inetnum: 211.51.0.0 - 211.51.255.255
netname: KORNET
descr: Korea Telecom
admin-c: IM667-AP
tech-c: IM667-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-12-26T05:58:03Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-04-10T04:49:23Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 211.51.0.0 - 211.51.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC
References
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 19 days ago
Appeared in 15 threat reports