IOC Radar
IP, Medium Signal, 60/100

102.214.109.76

Location: Ballito, KwaZulu-Natal, South Africa
ASN: AS329165 (WPTL)
First Seen: Apr 12, 2024 (792d ago)
Last Seen: May 29, 2026 (15d ago)
Reports: 19 source reports
Confidence: 60% (medium)
VirusTotal: 15/91 detections
Found in 19 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 87 techniques

Network Information

Country: ZA (South Africa)
Region: Ballito, KwaZulu-Natal
ASN: AS329165
Organization: WPTL

Feed Intelligence Summary

19 reports, 60% confidence
Source reports: 19
Confidence score: 60%
Category tags:

Activity Timeline

1 total observation (May 29)

Threat Activity Heatmap

Peak: 2026-05-29. [Calendar heatmap by weekday, Jun through the following Jun, with a Less/More intensity legend; not reproduced.]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 19
First seen: Apr 12, 2024
Last seen: May 29, 2026
Geolocation: ZA
Country: South Africa
Location: Ballito, KwaZulu-Natal
ASN: AS329165
Org: WPTL
Coords: -29.4493, 31.2153

VirusTotal

15/91 vendors flagged
16% detection rate (as of Jun 8, 2026)

WHOIS

Description: Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 102.214.109.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).
References: https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

Confidence: medium
First detected 2 years ago; last seen 15 days ago.
Appeared in 19 threat reports.