IP · Medium · Signal 96/100
222.106.198.33
Location
Seoul, Seoul
ASN
AS4766
Jusikhoesa geumsaeinteotib
First Seen
Jul 1, 2025
Last Seen
Feb 20, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
96%
Signal Score
96 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
South Korea
Region
Seoul, Seoul
ASN
AS4766
Organization
Jusikhoesa geumsaeinteotib
Feed Intelligence Summary
Source reports
18
Confidence score
96%
Category tags
abuse; access control; account discovery; account profiling; account takeover; active scanning; anomalous network connections; asia; attack; australia; authentication; authentication abuse; authentication attack; authentication bypass; automated attack; bad web bot; blacklisted ips; block list; block.txt; botnet; botnet activity; brute force; brute force attack; brute force attacks; brute force attempt; brute force attempts; c2; c2 communication; china mobile; columns; command and control; communication protocol; company limited; compromise attempt; compromised credentials; compromised host; compromised systems; cowrie honeypot; credential access; credential harvesting; credential stuffing; daily_sources; data exfiltration; data exfiltration attempt; ddos; ddos attack; decoy system; denial of service; denial-of-service attempt; dictionary attack; dionaea honeypot; distributed attacks; europe; exploitation; exploitation attempts; exploited host; external ip; fatt; finland; france; fraud orders; ftp; ftp brute force; germany; hacking; hk abusehandler; honeynet connect; honeytrap honeypot; hong kong; http botnet; http brute force; http request anomalies; http scanner; hurricane us; imap; imap attack; indicator; ioc; irc botnet; korea, republic of; lateral movement; login attack; login attempt; login brute force; login brute-force; mailoney honeypot; malicious activity; malicious ip activity; malicious ips; malicious software; malicious traffic; malware; malware behaviour; malware capture; malware distribution; network; network access; network attacks; network enumeration; network intrusion; network intrusion attempts; network protocol; network reconnaissance; network scanning; network security; network service scanning; network traffic; north america; oceania; p0f; password attack; password attacks; password spraying; pgp sign; phishing attack; phishing trap; poland; possible botnet activity; possible malware distribution; process injection; protocol exploitation; reconnaissance; reconnaissance activity; remote access; remote services; researched; resource hijacking; scanner; scanning activity; security operations; security policy; sensor-tagged; sentrypeer botnet; smb brute force; smtp; smtp attacker; smtp brute force; social engineering; south korea; ssh attack; ssh monitoring; sweden; t1016; t1018; t1021; t1021.001; t1021.002; t1021.003; t1021.004; t1021.005; t1040; t1046; t1047; t1048; t1053; t1055; t1056; t1059; t1059.001; t1059.003; t1059.004; t1065; t1068; t1071; t1071.001; t1076; t1078; t1078.004; t1083; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1189; t1190; t1203; t1486; t1496; t1499.001; t1499.002; t1499.003; t1555; t1555.003; t1563; t1565; t1566.001; t1566.002; t1566.003; t1567; t1573; t1573.001; t1588; t1588.002; t1588.004; t1589; t1589.002; t1592; t1595; t1595.001; t1595.002; t1595.003; tanner; tcp protocol; tcp scan; telecommunications; telnet threat; threat actor; threat actor activity; threat detection; threat intelligence; threat prevention; timeout; top10.txt; topips.txt; tpot; udp scan; unauthorized access attempt; united states; us none; valid accounts; voip; voip attack; web application attack; web exploitation; web traffic
Activity Timeline
Feb 20
Threat Activity Heatmap
Peak: 2026-02-20
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat Score
96 (High Risk)
Confidence
96%
Reports
18
First seen
Jul 1, 2025
Last seen
Feb 20, 2026
Geolocation
KR
Country
South Korea
Location
Seoul, Seoul
ASN
AS4766
Org
Jusikhoesa geumsaeinteotib
Coords
37.5658, 126.9780
VirusTotal
Not checked
WHOIS
- description
- The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted. Data Sources: https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://feeds.dshield.org/feeds/daily_sources. THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
- raw
  inetnum: 222.96.0.0 - 222.122.255.255
  netname: KORNET
  descr: Korea Telecom
  admin-c: IM667-AP
  tech-c: IM667-AP
  country: KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  last-modified: 2017-02-06T02:32:55Z
  source: APNIC

  irt: IRT-KRNIC-KR
  address: 9, Jinheung-gil, Naju-si, Jeollanam-do
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: IM574-AP
  tech-c: IM574-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2020-04-09
  mnt-by: MNT-KRNIC-AP
  last-modified: 2025-09-04T01:00:01Z
  source: APNIC

  person: IP Manager
  address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  country: KR
  phone: +82-2-500-6630
  e-mail: [email protected]
  nic-hdl: IM667-AP
  mnt-by: MNT-KRNIC-AP
  last-modified: 2017-03-28T06:37:04Z
  source: APNIC

  inetnum: 222.96.0.0 - 222.122.255.255
  netname: KORNET-KR
  descr: Korea Telecom
  country: KR
  admin-c: IA9-KR
  tech-c: IM9-KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC

  person: IP Manager
  address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  address: KT Head Office
  country: KR
  phone: +82-2-500-6630
  e-mail: [email protected]
  nic-hdl: IA9-KR
  mnt-by: MNT-KRNIC-AP
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC

  person: IP Manager
  address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  address: KT Head Office
  country: KR
  phone: +82-2-500-6630
  e-mail: [email protected]
  nic-hdl: IM9-KR
  mnt-by: MNT-KRNIC-AP
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC
- references
- https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-03/, https://jamesbrine.com.au, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-02/, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-01/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-29/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-28/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-27/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-26/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-25/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-24/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-23/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-22/, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-21/, https://redpiranha.net
IOC Journey
Medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 18 threat reports