IP · Medium · Signal 76/100
117.247.111.70
Location: Namakkal, Karnataka
ASN: AS9829 (BSNL Internet)
First Seen: Nov 17, 2023
Last Seen: May 29, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 76%
Signal Score: 76 / 100
IDS Rule: No
Network Information
Country: India
Region: Namakkal, Karnataka
ASN: AS9829
Organization: BSNL Internet
Feed Intelligence Summary
Source reports: 25
Confidence score: 76%
Category tags
Activity Timeline
May 29
Threat Activity Heatmap · Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address `117.247.111.70`, carries significant risk with a high score of 75.99, indicating a high probability of malicious involvement. Its presence across numerous threat intelligence feeds points towards active reconnaissance and aggressive brute-force attacks targeting various network services. Evidence suggests this IP is associated with an "Unknown Actor Multi-Target Brute Force Campaign," implying a systematic effort to compromise systems. If this…
Threat Score: High Risk
Signal Score: 76
Confidence: 76%
Reports: 25
First seen: Nov 17, 2023
Last seen: May 29, 2026
Geolocation: IN
Country: India
Location: Namakkal, Karnataka
ASN: AS9829
Org: BSNL Internet
Coords: 12.9716, 77.5946
VirusTotal: Not checked
WHOIS
- description: Honeypot
- raw:
    inetnum: 117.247.0.0 - 117.247.251.255
    netname: BB-Multiplay-Static
    descr: Broadband Multiplay Project, O/o DGM BB, NOC BSNL Bangalore
    country: IN
    admin-c: BH155-AP
    tech-c: DB374-AP
    abuse-c: AB1061-AP
    status: ALLOCATED NON-PORTABLE
    mnt-by: MAINT-IN-DOT
    mnt-irt: IRT-BSNL-IN
    last-modified: 2021-07-15T07:19:22Z
    source: APNIC

    irt: IRT-BSNL-IN
    address: Internet Cell
    address: Bharat Sanchar Nigam Limited.
    address: 8th Floor,148-B Statesman House
    address: Barakhamba Road, New Delhi - 110 001
    e-mail: [email protected]
    abuse-mailbox: [email protected]
    admin-c: NC83-AP
    tech-c: CGMD1-AP
    auth: # Filtered
    remarks: [email protected] was validated on 2025-07-02
    mnt-by: MAINT-IN-DOT
    last-modified: 2025-07-02T04:53:55Z
    source: APNIC

    role: ABUSE BSNLIN
    country: ZZ
    address: Internet Cell
    address: Bharat Sanchar Nigam Limited.
    address: 8th Floor,148-B Statesman House
    address: Barakhamba Road, New Delhi - 110 001
    phone: +000000000
    e-mail: [email protected]
    admin-c: NC83-AP
    tech-c: CGMD1-AP
    nic-hdl: AB1061-AP
    remarks: Generated from irt object IRT-BSNL-IN
    remarks: [email protected] was validated on 2025-07-02
    abuse-mailbox: [email protected]
    mnt-by: APNIC-ABUSE
    last-modified: 2025-07-02T04:54:12Z
    source: APNIC

    person: BSNL Hostmaster
    nic-hdl: BH155-AP
    e-mail: [email protected]
    address: Broadband Networks
    address: Bharat Sanchar Nigam Limited
    address: 2nd Floor, Telephone Exchange, Sector 62
    address: Noida
    phone: +91-120-2404243
    fax-no: +91-120-2404241
    country: IN
    mnt-by: MAINT-IN-PER-DOT
    last-modified: 2021-12-08T10:52:18Z
    source: APNIC

    person: DGM Broadband
    address: BSNL NOC Bangalore
    country: IN
    phone: +91-080-25805800
    fax-no: +91-080-25800022
    e-mail: [email protected]
    nic-hdl: DB374-AP
    mnt-by: MAINT-IN-PER-DOT
    last-modified: 2011-02-19T10:03:44Z
    source: APNIC

    route: 117.247.111.0/24
    origin: AS9829
    descr: Bharat Sanchar Nigam Ltd O/o Chief General Manager, Data Networks, BSNL CTS Compond, Netaji Nagar
    mnt-by: MAINT-IN-DOT
    last-modified: 2020-10-21T13:41:43Z
    source: APNIC
- references:
    https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2025-09-05/
    https://jamesbrine.com.au
    https://feeds.dshield.org/feeds/topips.txt
    https://feeds.dshield.org/feeds/top10.txt
    https://feeds.dshield.org/feeds/block.txt
    https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
    https://redpiranha.net
    https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
    https://github.com/tankmek/threatfeed
    https://github.com/telekom-security/tpotce
    https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 9 days ago
Appeared in 25 threat reports