IOC Radar
IP · Medium · Signal 100/100

156.253.227.112

Location: Johannesburg, Gauteng, South Africa
ASN: AS328608 (Cloud Innovation Ltd)
First Seen: Mar 10, 2025 (459d ago)
Last Seen: Mar 26, 2026 (78d ago)
Reports: 18 source reports
Confidence: 99% (medium)
VirusTotal: 7/91 detections
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

37 techniques

Network Information

Country: ZA (South Africa)
Region: Johannesburg, Gauteng
ASN: AS328608
Organization: Cloud Innovation Ltd

Feed Intelligence Summary

18 source reports · 99% confidence score
Category tags: abuse, active scanning, africa, agent tesla, akira, apt, asia, asyncrat, attack, botnet, brazil, brute force, brute force attack, c2, c2 communication, cisos, cnc, coinminer, command and control, communication technologies, compromise ipv4, connected devices, cowrie honeypot, credential access, credential harvesting, credential stuffing, cryptocurrency threats, cryptojacking, cta, data exfiltration, dcrat, ddos, ddos attack, ddos attacks, decoy system, device management, distributed attacks, elf, europe, europe/asia, exploitation, finance, france, gb, germany, groupedindicator, indonesia, industrial iot, internet of things, iot, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot/ics attack, ipv4 port, linux, malicious activity, malicious software, malware, mexico, mirai botnet, mirai botnet activity, mobile carriers, mobile networks, mozi, mozi link, netherlands, network, network scanning, network security, nl, north america, panama, paraguay, password attacks, phishing attack, polcert, process injection, protocol exploitation, qilin, ransomware, reconnaissance, researched, resource hijacking, russia, scanner, service, seychelles, sftp attack, singapore, sliver, smart devices, social engineering, socradar honeypot, south africa, south america, ssh attack, ssh monitoring, steam, t1021, t1021.001, t1040, t1041, t1047, t1053, t1055, t1059, t1071, t1071.001, t1078, t1105, t1110.001, t1110.002, t1110.003, t1110.004, t1123, t1190, t1204, t1486, t1496, t1497, t1497.001, t1498, t1499.002, t1499.003, t1552, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1595.001, t1595.002, t1595.003, telecom, telecom services, telecommunication, telecommunications, telnet threat, threat actor, ua-wget, ukraine, united kingdom, urlhaus

Activity Timeline

1 total obs (Mar 26)

Threat Activity Heatmap

Peak: 2026-03-26
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address identified as 156.253.227.112, carries an exceptionally high threat score of 100.0 and is not whitelisted, indicating its critical role in active malicious operations. Its presence within an organizational environment signifies an imminent and severe risk, potentially pointing to the early stages of a ransomware deployment, widespread data exfiltration, or a distributed denial-of-service (DDoS) attack. The associated threat actors, notably the …

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 18
First seen: Mar 10, 2025
Last seen: Mar 26, 2026
Geolocation: ZA
Country: South Africa
Location: Johannesburg, Gauteng
ASN: AS328608
Org: Cloud Innovation Ltd
Coords: -26.2056, 28.0337

VirusTotal

7/91 vendors flagged
8% detection rate · Jun 3, 2026

WHOIS

description
CC=ZA ASN=AS328608 african network information center
raw
inetnum: 156.253.227.0 - 156.253.227.255
netname: Netiface_Limited
descr: Netiface Limited
country: NL
admin-c: CIS1-AFRINIC
tech-c: CIS1-AFRINIC
status: ASSIGNED PA
remarks: Abuse: [email protected]
mnt-by: CIL1-MNT
mnt-by: LARUS-SERVICE-MNT
source: AFRINIC # Filtered
parent: 156.224.0.0 - 156.255.255.255
person: Cloud Innovation Support
address: Ebene
address: MU
address: Mahe
address: Seychelles
phone: tel:+248-4-610-795
nic-hdl: CIS1-AFRINIC
abuse-mailbox: [email protected]
mnt-by: CIL1-MNT
source: AFRINIC # Filtered
route: 156.253.227.0/24
descr: Rekade International LTD
origin: AS214834
mnt-by: LARUS-SERVICE-MNT
source: AFRINIC # Filtered
route: 156.253.227.0/24
descr: Netiface Limited
origin: AS60223
mnt-by: LARUS-SERVICE-MNT
source: AFRINIC # Filtered
references
https://github.com/telekom-security/tpotce, https://threatfox.abuse.ch/export/csv/recent/, https://urlhaus.abuse.ch/, https://any.run/malware-trends/, https://1275.ru/ioc/gs-25-1276-mirai-botnet-iocs_9954

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 18 threat reports