IP · Medium · Signal 71/100
109.94.119.84
Location: Sečanj, Vojvodina
ASN: AS203877 (BEOTELNET d.o.o. ZRENJANIN)
First Seen: Jan 28, 2025
Last Seen: Feb 20, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No
Network Information
Country: Serbia
Region: Sečanj, Vojvodina
ASN: AS203877
Organization: BEOTELNET d.o.o. ZRENJANIN
Feed Intelligence Summary
Source reports: 8
Confidence score: 71%
Activity Timeline
Feb 20
Threat Activity Heatmap
Peak: 2026-02-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address, carries a high severity score of 71.19 and is not whitelisted, signaling a significant and immediate threat to organizational security. Its presence indicates potential engagement in various malicious activities, ranging from reconnaissance and credential access attempts to denial-of-service operations. This IOC is explicitly linked to the threat actor Adrastea, a group known for its sophisticated and impactful cyber operations, which elevates…
Threat Score: High Risk
Signal Score: 71
Confidence: 71%
Reports: 8
First seen: Jan 28, 2025
Last seen: Feb 20, 2026
Geolocation: RS
Country: Serbia
Location: Sečanj, Vojvodina
ASN: AS203877
Org: BEOTELNET d.o.o. ZRENJANIN
Coords: 43.9921, 20.9658
VirusTotal: Not checked
WHOIS
- description
- 2025-07-05T06:26:47.633Z Honeypot : Heralding : Source: 109.94.119.84 : Username/Password: ADmIN/aa123456 Port: 1080 Message: 2025-07-05 06:26:47.633953,ed0f1d34-5d4f-4b6c-9e9d-e0b39a159dc9,8627b2f4-f8cf-4e37-ba6b-ca571101bc60,109.94.119.84,34374,99.18.26.21,1080,socks5,ADmIN,aa123456,
- raw
- inetnum: 109.94.112.0 - 109.94.125.255
  netname: RS-IPCBLOK
  country: RS
  org: ORG-IBDB1-RIPE
  admin-c: PV8072-RIPE
  tech-c: PV8072-RIPE
  status: ASSIGNED PI
  mnt-by: lir-rs-ipcblok-1-MNT
  mnt-by: RIPE-NCC-END-MNT
  created: 2023-12-21T13:39:57Z
  last-modified: 2023-12-21T13:39:57Z
  source: RIPE

  organisation: ORG-IBDB1-RIPE
  org-name: IPC BLOK d.o.o. Beograd
  country: RS
  org-type: LIR
  address: Omladinskih brigada 21
  address: 11070
  address: Beograd
  address: SERBIA
  phone: +381677722444
  admin-c: PV8072-RIPE
  tech-c: PV8072-RIPE
  abuse-c: AR73454-RIPE
  mnt-ref: lir-rs-ipcblok-1-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: lir-rs-ipcblok-1-MNT
  created: 2023-12-04T09:10:55Z
  last-modified: 2023-12-04T09:10:55Z
  source: RIPE # Filtered

  role: Petar Velikinac
  address: SERBIA
  address: Beograd
  address: 11070
  address: Omladinskih brigada 21
  phone: +381677722444
  nic-hdl: PV8072-RIPE
  mnt-by: lir-rs-ipcblok-1-MNT
  created: 2023-12-04T09:10:54Z
  last-modified: 2023-12-04T09:10:55Z
  source: RIPE # Filtered

  route: 109.94.119.0/24
  origin: AS203877
  mnt-by: rs-astratelekom-1-mnt
  created: 2019-12-20T14:49:48Z
  last-modified: 2023-03-23T10:31:12Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 1 year ago · Last seen 3 months ago
Appeared in 8 threat reports