IP
Medium
Signal 72/100
222.107.156.227
Location
Gangnam-gu, Seoul
ASN
AS4766
(ju)emtiai
First Seen
Aug 26, 2020
Last Seen
Jun 7, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Korea, Republic of
Region
Gangnam-gu, Seoul
ASN
AS4766
Organization
(ju)emtiai
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
34 reports · 72% confidence
34
Source reports
72%
Confidence score
Category tags
Activity Timeline
Jun 7
Threat Activity Heatmap
Peak: 2026-06-07
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 34
First seen: Aug 26, 2020
Last seen: Jun 7, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Gangnam-gu, Seoul
ASN: AS4766
Org: (ju)emtiai
Coords: 37.4953, 127.1160
IP Category: Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SSH on Vultr Paris (France) honeypot
- raw
inetnum: 222.96.0.0 - 222.111.255.255
netname: KORNET
descr: Korea Telecom
country: KR
admin-c: IM667-AP
tech-c: IM667-AP
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2025-11-03T08:15:10Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-09-04T01:00:01Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 222.96.0.0 - 222.111.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC
IOC Journey
medium · First detected 5 years ago · Last seen 3 days ago
Appeared in 34 threat reports