IPMediumSignal 68/100
61.72.59.106
Location
Korea, Republic ofNamyangju, 11
ASN
AS4766
Korea Telecom
First Seen
Mar 8, 2024
Last Seen
Jun 16, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryKorea, Republic of
Korea, Republic ofRegionNamyangju, 11
ASNAS4766
OrganizationKorea Telecom
IP Category
⊕
VPN
VPN exit node
Feed Intelligence Summary
30 reports68% confidence
30
Source reports
68%
Confidence score
Category tags
abuseabuseipdbaccount accessaccount compromiseaccount discoveryaccount enumerationaccount lockoutaccount profilingaccount takeoveraccount-compromiseactive scanactive scanningadresse ipaptasiaatif feedattackattack_vector:brute_forceattacker ipattacker ip addressesattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attemptauthentication brute forceauthentication failuresauthentication-failureauthentication_protocolauto-generated securityautomated attackautomated attack attemptsazure adbad reputationbad web botbankingbanlist feedbelgiumbelgium ip addressesbinary defenseblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute-forcebrute-force attackbruteforcec2 communicationc2 serverciscocisco devicecisco exploit attemptscisco exploitation attemptcivil servicescloud account securitycloud environmentcloud infrastructurecloud securitycode executioncode injectioncommand & controlcommand and controlcommand executioncommunication protocolcompromised credentialscompromised hostcompromised hostsconpotconpot honeypotcowriecowrie datacowrie honeypotcredential accesscredential brute forcecredential brute forcingcredential compromisecredential harvestingcredential stuffingcredential-accesscredential-dumpingcredential_accesscredentialscredit card servicesctadata exfiltrationdata store exposuredata theftdatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea honeypotdistributed attacksemail-protocolenterprise networkingeuropeexploit attemptexploitation activityexploited hostexternal ipexternal remote servicesfail2ban triggeredfailed loginfinancefinance and insurancefinancial servicesfinancial technologyfinlandfinland activityfrancefraud ordersftp brute forceftp brute-forcegermanygovernment technologyhackinghoneynet connecthoneytrap honeypothttp brute forcehttp enumerationics securityidentity & access exploitationidentity managementimapimap attackimap brute forceindicatorindustrial control systemsinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityinjection attacksintrusion detectioniociot securityiot/ics attackit infrastructureknown malicious actorkorea (the republic of)korea, republic ofkrlamplamp exploitlamp exploit attemptslateral movementlocal governmentlocal government targetlogin attacklogin attemptlogin attemptslogin brute forcelogin-attackmalaysiamalicious activitymalicious hostmalicious sftp loginmalicious softwaremalicious ssh loginmalicious-ipmalwaremalware behaviourmalware capturemalware distributionmanualmicrosoft entramicrosoft entra idmultiple accounts targetedmultiple usersmultiple users affectednetworknetwork accessnetwork attacksnetwork brute forcenetwork discoverynetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork:tcpnorth americaoceaniaopenctios credential dumpingpassword attackpassword attackspassword crackingpassword sprayingpassword-attackpayment processingphishingphishing attackpolandpop3 brute forcepotential intrusion attemptpotential-atoprocess injectionprotocol exploitationprotocol:imapprotocol:pop3protocol:saslprotocol:smtppublic administrationpublic infrastructurepublic policyransomwarereconnaissanceregulatory agenciesremote accessremote access attemptremote servicesremote_accessresearchedresource hijackingrtbhsaslsasl authenticationsasl brute forcescams & fraudscanscannerscannersscanning activityscripting attackssecurity operationssentrypeer botnetservice enumerationservice scansftpsftp access attemptsftp access attemptssftp attacksipsip brute forcesip scanningsmtpsmtp attackersmtp brute forcesmtp-attacksocial engineeringsocradar honeypotsoftware developmentsouth koreaspamsshssh attackssh monitoringswedent1021t1021.001t1021.002t1021.004t1040t1041t1046t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1078t1078.002t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1566.001t1566.002t1566.003t1566.004t1567t1573t1573.001t1583.006t1587.001t1588t1588.004t1589t1589.002t1590t1590.001t1592.004t1595t1595.001t1595.002t1595.003tannertargeting databasetcptcp attacktcp brute forcetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodeturkeyudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized loginunauthorized login attemptsunited kingdomunited statesvalid accountsvoidtrapvoipvoip attackvpnvpn ipvulnerability scanwealth managementweb app attackweb application attackweb attackweb exploitationweb spam
Activity Timeline
Jun 16Jun 16
Threat Activity Heatmap
· Peak: 2026-06-16LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
30
Reports
First seenMar 8, 2024
Last seenJun 16, 2026
GeolocationKR
CountryKorea, Republic of
LocationNamyangju, 11
ASNAS4766
OrgKorea Telecom
Coords37.5944, 126.9864
VPN
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
- raw
- inetnum: 61.72.0.0 - 61.77.255.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-03T02:21:55Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-09-04T01:00:01Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 61.72.0.0 - 61.77.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, Sign in from malicious ip blocked-2025-02-17 17_19_32.861.csv, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 10 days ago
Appeared in 30 threat reports