IOC Radar
IP · Medium · Signal 68/100

109.94.119.46

Location: Sečanj, Vojvodina, Serbia
ASN: AS203877 (BEOTELNET d.o.o. ZRENJANIN)
First Seen: Mar 12, 2025 (456d ago)
Last Seen: Mar 12, 2026 (92d ago)
Reports: 6 source reports
Confidence: 68% (medium)
VirusTotal: 3/91 detections
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 68%
Signal Score: 68 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: Serbia (RS)
Region: Sečanj, Vojvodina
ASN: AS203877
Organization: BEOTELNET d.o.o. ZRENJANIN

Feed Intelligence Summary

Source reports: 6
Confidence score: 68%
Category tags: active scanning, adbhoney honeypot, attack, botnet, brute force, brute force attack, brute force attacks, cisco device, command and control, communication protocol, compromised credentials, conpot honeypot, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, data exfiltration, database attacks, database exploitation attempt, database security, decoy system, device management, dionaea honeypot, dionaea interactions, dionaea malware analysis, distributed attacks, elasticpot honeypot, elasticsearch monitoring, enterprise networking, exploitation attempt, ftp brute force, ftp brute-force, heralding attack pattern, honeytrap honeypot, ics security, indicator, industrial control systems, initial access, iot attacks, iot device targeting, iot/ics attack, ipphoney honeypot, lamp, lateral movement, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network enumeration, network infrastructure, network intrusion attempts, network scanning, network security, password attacks, phishing, phishing attack, phishing trap, process injection, python script activity, reconnaissance, redis honeypot, remote access, researched, resource hijacking, rs, scanner, scripting attacks, sentrypeer botnet, serbia, sftp access attempt, sftp attack, sip brute force, sip scanning, social engineering, ssh attack, ssh brute-force, ssh monitoring, t1021, t1040, t1041, t1046, t1055, t1059, t1059.007, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, threat actor, threat detection, threat intelligence, voip, voip attack, web application attacks, web attack, web exploitation

Activity Timeline

1 total obs (Mar 12 to Mar 12)

Threat Activity Heatmap

Peak: 2026-03-12
[Heatmap: activity by weekday (Mon, Wed, Fri) across months Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address with a high threat score of 68.0, represents a significant and active threat to organizational security. Its presence in network logs or security telemetry should be treated with immediate concern, as it is strongly associated with malicious activities such as active scanning, brute-force attempts, and the exploitation of numerous vulnerabilities, particularly within Mikrotik RouterOS devices. Failure to address interactions with this IOC could…

Threat Score: Medium Risk
Signal Score: 68
Confidence: 68%
Reports: 6
First seen: Mar 12, 2025
Last seen: Mar 12, 2026
Geolocation: RS
Country: Serbia
Location: Sečanj, Vojvodina
ASN: AS203877
Org: BEOTELNET d.o.o. ZRENJANIN
Coords: 45.3667, 20.7722

VirusTotal

3/91 vendors flagged
3% detection rate · Jun 3, 2026

WHOIS

description
2025-04-24T13:13:33.168Z Honeypot : Heralding : Source: 109.94.119.46 : Username/Password: AdmIn/password1 Port: 1080 Message: 2025-04-24 13:13:33.168109,c1189a3d-2c85-467a-8be8-c2706219b869,c2fa0cfd-a659-491e-9fb1-8a18c771f212,109.94.119.46,60486,99.18.26.19,1080,socks5,AdmIn,password1,
raw
inetnum: 109.94.112.0 - 109.94.125.255
netname: RS-IPCBLOK
country: RS
org: ORG-IBDB1-RIPE
admin-c: PV8072-RIPE
tech-c: PV8072-RIPE
status: ASSIGNED PI
mnt-by: lir-rs-ipcblok-1-MNT
mnt-by: RIPE-NCC-END-MNT
created: 2023-12-21T13:39:57Z
last-modified: 2023-12-21T13:39:57Z
source: RIPE

organisation: ORG-IBDB1-RIPE
org-name: IPC BLOK d.o.o. Beograd
country: RS
org-type: LIR
address: Omladinskih brigada 21
address: 11070
address: Beograd
address: SERBIA
phone: +381677722444
admin-c: PV8072-RIPE
tech-c: PV8072-RIPE
abuse-c: AR73454-RIPE
mnt-ref: lir-rs-ipcblok-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-rs-ipcblok-1-MNT
created: 2023-12-04T09:10:55Z
last-modified: 2023-12-04T09:10:55Z
source: RIPE # Filtered

role: Petar Velikinac
address: SERBIA
address: Beograd
address: 11070
address: Omladinskih brigada 21
phone: +381677722444
nic-hdl: PV8072-RIPE
mnt-by: lir-rs-ipcblok-1-MNT
created: 2023-12-04T09:10:54Z
last-modified: 2023-12-04T09:10:55Z
source: RIPE # Filtered

route: 109.94.119.0/24
origin: AS203877
mnt-by: rs-astratelekom-1-mnt
created: 2019-12-20T14:49:48Z
last-modified: 2023-03-23T10:31:12Z
source: RIPE

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 6 threat reports