IOC Radar
IP · Medium · Signal 26/100

138.97.78.55

Location: Brazil, Caucaia, CE
ASN: AS271069, A4 TELECOM SERVICOS DE TELECOMUNICACAO LTDA
First Seen: Mar 12, 2024 (825d ago)
Last Seen: May 10, 2026 (37d ago)
Reports: 8 source reports
Confidence: 26% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 26%
Signal Score: 26 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

44 techniques

Network Information

Country: Brazil (BR)
Region: Caucaia, CE
ASN: AS271069
Organization: A4 TELECOM SERVICOS DE TELECOMUNICACAO LTDA

Feed Intelligence Summary

Source reports: 8
Confidence score: 26%
Category tags

Activity Timeline

1 total obs
May 10

Threat Activity Heatmap

Peak: 2026-05-10
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, signals potential involvement in widespread malicious activities, including reconnaissance, brute-forcing, and exploitation attempts. Its presence indicates a source likely engaging in unauthorized scanning, credential compromise attempts, and potentially acting as command and control infrastructure or a platform for resource hijacking. If this IOC is observed interacting with organizational assets, it represents a significant risk of initial …

Threat Score: Low Risk
Signal Score: 26
Confidence: 26%
Reports: 8
First seen: Mar 12, 2024
Last seen: May 10, 2026
Geolocation: BR
Country: Brazil
Location: Caucaia, CE
ASN: AS271069
Org: A4 TELECOM SERVICOS DE TELECOMUNICACAO LTDA
Coords: -3.7822, -38.8025

VirusTotal

Not checked

WHOIS

description: Imported indicator
raw: Socket not responding: [Errno 111] Connection refused
references: https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 8 threat reports