IPMediumSignal 57/100

`157.92.113.49`

Location

Argentina

Recoleta, C

ASN

AS3449

Universidad Nacional de Buenos Aires

First Seen

Jun 26, 2024

Last Seen

Apr 7, 2026

Jun 26

First Seen

718d ago

Apr 7

Last Seen

68d ago

Reports

source reports

57%

Confidence

medium

Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

57%

Signal Score

57 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

61 techniques

Network Information

Country

Argentina

RegionRecoleta, C

ASNAS3449

OrganizationUniversidad Nacional de Buenos Aires

Feed Intelligence Summary

19 reports57% confidence

Source reports

57%

Confidence score

Category tags

abuseabuseipdbaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningapplication layer protocolarargentinaattackaustraliaauthenticationauthentication attacksautomated attackautomated attacksbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute_forcec2c2 servercommand & controlcommand and controlcommunication protocolcompromised credentialscompromised devicecompromised hostcompromised hostscompromised systemcowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingcredential_accesscredentialsctadata exfiltrationdata store exposuredata theftddosdecoy systemdenial of servicedictionary attackdionaea honeypotdionaea interactionsdistributed attackseuropeexploitation activityfail2ban alertfail2ban triggeredfailed loginfattfatt signaturesfinlandfranceftpftp brute forcegame_servergermanyhoneynet connecthoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scanneridentity & access exploitationindicatorinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityiocipv4it infrastructurelamplateral movementlogin attemptlogin failuremailoney honeypotmailoney interactionsmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionmanualnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork intrusion detectionnetwork layer protocolnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork trafficnetwork traffic analysisnorth americanoticeoceaniap0fp0f signaturespassword attackpassword attackspassword crackingpassword sprayingphishingphishing attackphishing trappolandpotential exploitprocess injectionprotocol exploitationransomwarereconnaissanceremote accessremote access attemptsremote servicesresearchedresource hijackingscanscannerscanning activitysecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer interactionsservice scansftp attacksip scanningsmb brute forcesmtp brute forcesmtp probingsocial engineeringsocradar honeypotsoftware developmentsouth americaspamssh attackssh monitoringssh scanningsshdstaging_serversuricata alertst1003t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.002t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1573t1587.001t1588t1588.004t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottpotceudp scanunauthorized access attemptunauthorized access attemptsunited kingdomunited statesvalid accountsvoipvoip attackvulnerability scanweb application attackweb exploitationweb traffic

Activity Timeline

1 total obs

Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

57%

Confidence

Reports

First seenJun 26, 2024

Last seenApr 7, 2026

GeolocationAR

CountryArgentina

LocationRecoleta, C

ASNAS3449

OrgUniversidad Nacional de Buenos Aires

Coords-34.6022, -58.3845

VirusTotal

Not checked

WHOIS

description: Host bruteforcing SSH
raw: Socket not responding: [Errno 111] Connection refused
references: https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

`157.92.113.49`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy