IOC Radar
Type: IP · Risk: Medium · Signal 65/100

59.12.160.91

Location: Korea, Republic of (Suwon, 41)
ASN: AS4766 (Kornet)
First seen: Mar 26, 2022 (1543d ago)
Last seen: Jun 7, 2026 (8d ago)
Reports: 30 source reports
Confidence: 65% (medium)
Found in 30 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
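Verification means checking the indicator against your own telemetry rather than trusting the feed score. The script below is an added example, not code from IOC Radar or from any of the feeds it aggregates: it takes the IOC metadata from this page (value, first/last seen, confidence, proxy/VPN category), parses constructed sshd log lines in `journalctl -o short-iso` style, and grades what the local evidence shows. The threshold of three failures, the hostnames and the log lines are all assumptions for the demonstration; the technique labels follow the T1110/T1078/T1021.004 tags this page carries.

```python
"""Correlate the IOC on this page with local sshd logs before acting on it.

Added example; not code from IOC Radar or from any of the listed feeds.
IOC metadata is taken from the page (first/last seen, report count,
confidence, proxy/VPN category). The log lines are constructed, not real.
"""
import re
from datetime import date, datetime

IOC = {
    "value": "59.12.160.91",
    "first_seen": date(2022, 3, 26),
    "last_seen": date(2026, 6, 7),
    "confidence": 65,                 # heuristic feed score, not a verdict
    "reports": 30,
    "categories": {"proxy", "vpn"},   # shared egress: a block may also hit legitimate users
}

# Constructed sshd lines with ISO-8601 UTC timestamps (journalctl -o short-iso style).
SAMPLE_LOG = """\
2026-06-07T03:14:05+00:00 host1 sshd[2201]: Failed password for invalid user admin from 59.12.160.91 port 51234 ssh2
2026-06-07T03:14:07+00:00 host1 sshd[2201]: Failed password for root from 59.12.160.91 port 51240 ssh2
2026-06-07T03:14:09+00:00 host1 sshd[2201]: Failed password for root from 59.12.160.91 port 51246 ssh2
2026-06-07T03:15:01+00:00 host1 sshd[2209]: Accepted publickey for deploy from 203.0.113.9 port 40022 ssh2
2026-06-07T03:16:40+00:00 host1 sshd[2215]: Failed password for invalid user test from 198.51.100.77 port 6000 ssh2
2026-06-07T03:17:02+00:00 host1 sshd[2220]: Accepted password for root from 59.12.160.91 port 51300 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_sshd(log_text):
    """Return one event dict per recognised sshd auth line; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "method": m["method"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def assess(events, ioc, fail_threshold=3):
    """Grade local evidence for one IOC: contact only, brute force, or success after failures."""
    hits = sorted((e for e in events if e["ip"] == ioc["value"]), key=lambda e: e["ts"])
    failed = [e for e in hits if e["result"] == "Failed"]
    accepted = [e for e in hits if e["result"] == "Accepted"]
    # The pattern that matters most: password guessing (T1110.001) followed by a
    # successful login from the same source, i.e. a valid account now in use (T1078).
    success_after_failure = bool(failed) and any(e["ts"] > failed[0]["ts"] for e in accepted)
    if success_after_failure:
        verdict = "compromise_suspected"
    elif len(failed) >= fail_threshold:
        verdict = "brute_force_confirmed"
    elif hits:
        verdict = "contact_only"
    else:
        verdict = "no_local_evidence"
    techniques = []
    if failed:
        techniques.append("T1110.001")
    if success_after_failure:
        techniques.append("T1078")
    if hits:
        techniques.append("T1021.004")  # SSH as the remote service
    return {
        "ioc": ioc["value"],
        "verdict": verdict,
        "failed": len(failed),
        "accepted": len(accepted),
        "users": sorted({e["user"] for e in hits}),
        "within_feed_window": any(ioc["first_seen"] <= e["ts"].date() <= ioc["last_seen"] for e in hits),
        "shared_egress": bool(ioc["categories"] & {"proxy", "vpn"}),
        "techniques": techniques,
    }


if __name__ == "__main__":
    for key, value in assess(parse_sshd(SAMPLE_LOG), IOC).items():
        print(f"{key:>20}: {value}")
```

A `contact_only` or `no_local_evidence` result is the normal outcome for a feed entry like this one (30 reports over four years, dormant for the last 7 days); a `compromise_suspected` result is the case where the feed score stops mattering and the host goes to incident response regardless of confidence. The `shared_egress` flag is the reminder that a proxy/VPN-classified address is a poor candidate for an unconditional block.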
IPv4 Address: network-layer indicator observed in threat reports.
MISP category: Network Activity
Confidence: 65%
Signal score: 65 / 100
IDS rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 78 techniques

Network Information
Country: KR (Korea, Republic of)
Region: Suwon, 41
ASN: AS4766
Organization: Kornet

IP Category
Proxy: proxy server
VPN: VPN exit node

Feed Intelligence Summary

30 source reports · 65% confidence score

Category tags (alphabetical):
abuse · access attempt · access control · account access · account compromise · account discovery · account profiling · account takeover · active scan · active scanning · aggressive-detection · anomalous network connections · apache · application layer protocol · apt · asia · asn · attack · attack source · attacker-ip · australia · authentication · authentication abuse · authentication attack · authentication attacks · authentication attempts · authentication failures · authentication_bypass · authentication_failures · authorization · automated attack · automated attacks · automated multi-vector probing · automated threat · bad reputation · bad web bot · blacklisted ip · block list · block.txt · blocklist_all · blog spam · botnet · botnet activity · brute force · brute force attack · brute force attacker · brute force attacks · brute force attempt · brute force attempts · brute-forc · brute-force · brute_force · bruteforce · c2 · c2 communication · c2 server · china mobile · cisco device · cisco exploitation attempt · clifton · cloud infrastructure · cloud infrastructure attack · cloud services · cloud_infrastructure · cocos (keeling) islands · code execution · code injection · code-injection · columns · command & control · command and control · command execution · communication protocol · company limited · compromise attempt · compromised credentials · compromised host · compromised hosts · compromised systems · connection-reset · cowrie · cowrie honeypot · credential access · credential attack · credential brute force · credential compromise · credential harvesting · credential stuffing · credential-harvesting · credential_access · credential_stuffing · credentials · cta · daily_sources · data exfiltration · data exfiltration attempt · data store exposure · data theft · database security · ddos · ddos attack · ddos preparation · decoy system · denial of service · denial-of-service · denial-of-service attempt · device management · dictionary attack · digital ocean · digitalocean clifton · digitalocean vps · dionaea activity · dionaea honeypot · distributed attacks · dos · dos_attack · enterprise networking · enumeration · env-hunting · eu cyber policies · europe · executable file · exploit · exploit probing · exploit targeting · exploitation · exploitation activity · exploitation attempts · exploited host · export-to-otx · external remote services · external_threat
fail2ban alert · fail2ban blocked ips · fail2ban detected · fail2ban logs · fail2ban triggered · failed authentication · failed login · failed login attempts · fatt · fatt analysis · finland · france · fraud orders · fraud voip · ftp · ftp attacks · ftp brute force · ftp brute-force · game_server · gb-originating server · geographic location · geoip · germany · hacking · hk abuse · handler · honeynet connect · honeypot 24h activity · honeytrap activity · honeytrap honeypot · hong kong · http brute force · http request anomalies · http scanner · http scanning · https · hurricane us · identity & access exploitation · imap brute force · indicator · indicators of compromise · information technology · infrastructure acquisitionreconnaissance · initial access · initial-access · injection activity · injection attacks · internet-facing · internet-scanning · internet-wide scan · intrusion detection · ioc · iot security · iot targeted · ip-address · ip-addresses · ipv4 · ipv4 address · ipv4 addresses · ipv4-scanning · ipv4_activity · ipv4_address · it infrastructure · kill-chain exploitation · kill-chain reconnaissance · korea (the republic of) · korea, republic of · kr · lamp · lamp server targeting · lamp stack · lateral movement · linux systems · log analysis · login · login attack · login attempt · login attempts · login brute force · login failure · login security · login_attack · low-risk · mail · mailoney activity · mailoney honeypot · malaysia · malicious activity · malicious ip activity · malicious ips · malicious login attempts · malicious payload · malicious sftp activity · malicious software · malicious ssh activity · malicious traffic · malware · malware behaviour · malware capture · malware delivery · malware distribution · manual · mass-scanning · misp · mod security · multiple failed attempts · multiple failed logins · network · network access · network attacks · network discovery · network infrastructure · network intrusion · network intrusion attempt · network intrusion attempts · network intrusion detection · network layer protocol · network probe · network probing · network protocol · network reconnaissance · network scan · network scanning · network security · network service exploitation · network service scanning · network traffic · network traffic analysis
network-attack · network_discovery · network_service_exploitation · new_ip.txt · nginx · north america · notice · null scan · oceania · open proxy · opencti · osint · p0f · p0f signatures · password attack · password attacks · password cracking · password_guessing · passwords · pgp sign · phishing · phishing attack · phishing trapping of death · poland · port-scan · portscan · possible botnet activity · possible malware distribution · potential botnet · pre-attack · private · process injection · project_gifted1 · protocol exploitation · protocol-probing · proxy · ransomware · reconnaissance · reconnaissance activity · regional security · remote access · remote access attempts · remote service · remote service discovery · remote service exploitation · remote services · remote_access · research · researched · resource hijacking · rtbh · scams & fraud · scan · scanner · scanners · scanning activity · scripting attacks · security event · security operations · self-signed · sensor-tagged · sentrypeer activity · sentrypeer botnet · server security · service scan · sftp attack · sftp exploitation attempts · sip · sip attacks · smtp · smtp attacks · smtp brute force · smtp scanning · social engineering · software development · south korea · spam · sql-injection · ssh · ssh attack · ssh attacks · ssh brute-force attempt · ssh bruteforce · ssh monitoring · ssh-brute · staging_server · suricata alerts · sweden · syn scan · t-pot
t1003 · t1016 · t1018 · t1021 · t1021.001 · t1021.002 · t1021.003 · t1021.004 · t1021.005 · t1021.006 · t1021.007 · t1021.008 · t1021: remote services · t1040 · t1041 · t1046 · t1047 · t1048 · t1053 · t1055 · t1056 · t1059 · t1059.001 · t1059.003 · t1059.004 · t1059.005 · t1059.007 · t1065 · t1068 · t1071 · t1071.001 · t1076 · t1078 · t1078.001 · t1078.004 · t1078: valid accounts · t1083 · t1105 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1110: brute force · t1133 · t1187 · t1189 · t1190 · t1203 · t1204.002 · t1486 · t1496 · t1499.001 · t1499.002 · t1499.003 · t1550.002 · t1555 · t1555.003 · t1563 · t1565 · t1566.001 · t1566.002 · t1566.003 · t1567 · t1573 · t1573.001 · t1583 · t1583.006 · t1587.001 · t1588 · t1588.002 · t1588.004 · t1589 · t1589.002 · t1590 · t1590.001 · t1592 · t1595 · t1595.001 · t1595.002 · t1595.003
tanner · tanner activity · targeting database · tcp protocol · tcp scan · telecommunications · telnet threat · threat actor · threat actor activity · threat detection · threat feed · threat intelligence · threat intelligence feed · timeout · top10.txt · topips.txt · tor node · tpot · udp port scan · udp scan · unauthorized access · unauthorized access attempt · unauthorized access attempts · unauthorized login · united kingdom · united states · unknown threat actor · us abuse · us none · utc+1 · utc+1:00 · valid accounts · voidtrap · voip · voip attack · vpn · vpn ip · vps · vps attack · vps security · vulnerability scan · vulnerability-scan · vulnerability-scanning · vultr · vultr platform · web app attack · web application attack · web attack · web brute force · web exploitation · web spam · web traffic · web-attack · worker_strike · xmas scan

Activity Timeline: 1 observation in total (Jun 7)

Threat Activity Heatmap (12-month calendar, Jun to Jun; rendered cells omitted) · Peak: 2026-06-07

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 65 (Medium Risk)
Signal score: 65 · Confidence: 65% · Reports: 30
First seen: Mar 26, 2022 · Last seen: Jun 7, 2026
Geolocation: KR · Country: Korea, Republic of · Location: Suwon, 41 · Coords: 37.1549, 127.0674
ASN: AS4766 · Org: Kornet
Category: Proxy/VPN

VirusTotal: not checked

WHOIS

Source description: IPv4 hosts detected attempting to brute force SSH on Vultr Paris (France) honeypot

Raw record:
inetnum: 59.0.0.0 - 59.31.255.255
netname: KORNET
descr: Korea Telecom
admin-c: IM667-AP
tech-c: IM667-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-02-03T02:21:55Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-04-10T04:49:23Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 59.0.0.0 - 59.31.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC
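The record is a set of RPSL objects (inetnum, irt, person) separated by blank lines, with repeated attributes such as remarks and address. The abuse contact for an address in this range is not on the inetnum object itself but on the IRT object it points to via mnt-irt, and the remarks say the APNIC copy is a mirror and that KRNIC's whois server is authoritative. The parser below is an added example, not code from IOC Radar, APNIC or KRNIC; it transcribes three of the objects above (attributes one per line, e-mail addresses kept redacted as on the page), confirms that the IOC falls inside the allocation, follows mnt-irt to the abuse mailbox, and extracts the referral server from the remarks.

```python
"""Parse the RPSL-style whois record above and pull out what an abuse report needs.

Added example; not code from IOC Radar or from APNIC/KRNIC. SAMPLE_WHOIS is
transcribed from the page's raw whois output (three of its objects, one
attribute per line, objects separated by blank lines); the e-mail addresses
stay redacted exactly as they appear on the page.
"""
import ipaddress
import re

SAMPLE_WHOIS = """\
inetnum:        59.0.0.0 - 59.31.255.255
netname:        KORNET
descr:          Korea Telecom
admin-c:        IM667-AP
tech-c:         IM667-AP
country:        KR
status:         ALLOCATED PORTABLE
mnt-by:         MNT-KRNIC-AP
mnt-irt:        IRT-KRNIC-KR
last-modified:  2017-02-03T02:21:55Z
source:         APNIC

irt:            IRT-KRNIC-KR
address:        9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail:         [email protected]
abuse-mailbox:  [email protected]
admin-c:        IM574-AP
tech-c:         IM574-AP
auth:           # Filtered
remarks:        [email protected] was validated on 2020-04-09
mnt-by:         MNT-KRNIC-AP
last-modified:  2025-04-10T04:49:23Z
source:         APNIC

inetnum:        59.0.0.0 - 59.31.255.255
netname:        KORNET-KR
descr:          Korea Telecom
country:        KR
admin-c:        IA9-KR
tech-c:         IM9-KR
status:         ALLOCATED PORTABLE
mnt-by:         MNT-KRNIC-AP
mnt-irt:        IRT-KRNIC-KR
remarks:        This information has been partially mirrored by APNIC from
remarks:        KRNIC. To obtain more specific information, please use the
remarks:        KRNIC whois server at whois.kisa.or.kr.
source:         KRNIC
"""


def parse_rpsl(text):
    """Split whois output into objects: one dict per object, attribute -> list of values."""
    objects, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        # A blank line ends an object; lines starting with % or # are server comments.
        if not line or line.startswith(("%", "#")):
            if current:
                objects.append(current)
            current, last_key = None, None
            continue
        # RPSL continuation lines start with whitespace or '+' and extend the previous value.
        if line[0] in " \t+" and current is not None and last_key:
            current[last_key][-1] = (current[last_key][-1] + " " + line.strip()).strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if current is None:
            current = {}
        last_key = key.strip().lower()
        current.setdefault(last_key, []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def covering_allocation(objects, ip):
    """Return the first inetnum object whose 'lo - hi' range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        for rng in obj.get("inetnum", []):
            lo, hi = (ipaddress.ip_address(p.strip()) for p in rng.split("-", 1))
            if lo <= addr <= hi:
                return obj
    return None


def abuse_contact(objects, inetnum_obj):
    """Follow mnt-irt from the allocation to its IRT object and return the abuse-mailbox."""
    irt_name = inetnum_obj.get("mnt-irt", [None])[0]
    for obj in objects:
        if irt_name and obj.get("irt", [None])[0] == irt_name:
            return obj.get("abuse-mailbox", [None])[0]
    return None


def referral_server(objects):
    """Find a 'whois server at <host>' remark naming the authoritative registry."""
    pat = re.compile(r"whois server at (\S+?)\.?$")
    for obj in objects:
        for remark in obj.get("remarks", []):
            m = pat.search(remark)
            if m:
                return m.group(1)
    return None


if __name__ == "__main__":
    objs = parse_rpsl(SAMPLE_WHOIS)
    alloc = covering_allocation(objs, "59.12.160.91")
    print("allocation:", alloc["inetnum"][0], alloc["netname"][0], "(source", alloc["source"][0] + ")")
    print("abuse contact:", abuse_contact(objs, alloc))
    print("authoritative whois:", referral_server(objs))
```

The range check matters because a feed entry and a whois lookup can drift apart (reassignments, stale mirrors); asserting that the address actually sits inside the inetnum before mailing its IRT avoids reporting to the wrong registry. The referral remark is why a real report should be preceded by a query against whois.kisa.or.kr, which may expose a more specific assignment than the /11-sized APNIC mirror shows here.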
References (contributing feeds):
https://github.com/telekom-security/tpotce
https://purplesynapz.com/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt


IOC Journey: medium confidence · first detected 4 years ago · last seen 8 days ago · appeared in 30 threat reports