IOC Radar
IPMediumSignal 23/100

116.90.229.90

Location
NepalNepal
Kathmandu, Bagmati
ASN
AS24550
Websurfer Nepal Communication System Pvt. Ltd
First Seen
Dec 27, 2024
Last Seen
Mar 31, 2026
Dec 27
First Seen
545d ago
Mar 31
Last Seen
86d ago
9
Reports
source reports
23%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
23%
Signal Score
23 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountryNPNepal
RegionKathmandu, Bagmati
ASNAS24550
OrganizationWebsurfer Nepal Communication System Pvt. Ltd

Feed Intelligence Summary

9 reports23% confidence
9
Source reports
23%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney attacksadbhoney honeypotantispamasiaattackbad reputationbotnetbotnet activitybrute forcebrute force attackcommand and controlcommunication protocolcompromised credentialscowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securitydecoy systemdionaea honeypotdionaea malware analysisdionaea malware collectiondistributed attackselasticpot honeypotelasticsearch monitoringexploitation activityftp brute forceheralding attack patternidentity & access exploitationimapimap attackindicatorinjection activityiot securitylateral movementlog4jmailoney email attacksmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenepalnetworknetwork scanningnetwork securitypassword attacksphishingphishing attackphishing trapprocess injectionpython script activityreconnaissanceresearchedresource hijackingsentrypeer botnetsftp attacksmtpsmtp attackersocial engineeringspamssh attackssh monitoringt1021t1021.002t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1195.001t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1583.001t1595t1595.001t1595.002t1595.003tannertanner web attackstargeting databasetelecommunicationsthreat actorthreat intelligencetor nodevoipvoip attack

Activity Timeline

1 total obs
Mar 31Mar 31

Threat Activity Heatmap

· Peak: 2026-03-31
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
23
SIGNAL
Signal Score
23%
Confidence
9
Reports
First seenDec 27, 2024
Last seenMar 31, 2026
GeolocationNP
CountryNepal
LocationKathmandu, Bagmati
ASNAS24550
OrgWebsurfer Nepal Communication System Pvt. Ltd
Coords28.0000, 84.0000

VirusTotal

Not checked

WHOIS

description
2025-03-07T12:42:03.835Z Honeypot : Heralding : Source: 116.90.229.90 : Username/Password: User/michelle Port: 1080 Message: 2025-03-07 12:42:03.835340,d81470ed-3770-43b4-9ecb-7e167d24c443,f2ebf638-d9de-4638-a08c-a6d4ab0906cc,116.90.229.90,56682,99.18.26.19,1080,socks5,User,michelle,
raw
inetnum: 116.90.224.0 - 116.90.231.255 netname: WEBSURFER-NP descr: Websurfer Nepal Communication System Pvt. Ltd country: NP admin-c: AW601-AP tech-c: AW601-AP abuse-c: AW880-AP status: ALLOCATED NON-PORTABLE mnt-by: MAINT-NP-WEBSURFER mnt-irt: IRT-WEBSURFER-COMM-NP last-modified: 2022-03-14T05:38:35Z source: APNIC irt: IRT-WEBSURFER-COMM-NP address: 3rd Flr, Shree Raj Bhawan address: P.O. Box 7940 address: Subidhanagar, Tinkune address: Kathmandu, Nepal e-mail: [email protected] abuse-mailbox: [email protected] admin-c: AW601-AP tech-c: AW601-AP auth: # Filtered remarks: [email protected] was validated on 2024-12-09 remarks: [email protected] was validated on 2025-03-17 mnt-by: MAINT-NP-WEBSURFER last-modified: 2025-03-17T11:08:43Z source: APNIC role: ABUSE WEBSURFERCOMMNP country: ZZ address: 3rd Flr, Shree Raj Bhawan address: P.O. Box 7940 address: Subidhanagar, Tinkune address: Kathmandu, Nepal phone: +000000000 e-mail: [email protected] admin-c: AW601-AP tech-c: AW601-AP nic-hdl: AW880-AP remarks: Generated from irt object IRT-WEBSURFER-COMM-NP remarks: [email protected] was validated on 2024-12-09 remarks: [email protected] was validated on 2025-03-17 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-03-17T11:08:53Z source: APNIC person: APNIC WSN address: 3rd Floor, Shree Raj Bhawan, Subidhanagar address: Tinkune, Kathmandu, Nepal. country: NP phone: +977-1-5199093 e-mail: [email protected] nic-hdl: AW601-AP mnt-by: MAINT-NP-WEBSURFER last-modified: 2016-12-19T10:34:02Z source: APNIC route: 116.90.229.0/24 descr: Internet Service Provider origin: AS24550 mnt-by: MAINT-NP-WEBSURFER last-modified: 2014-05-28T04:34:47Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports