IOC Radar
IP · Medium · Signal 50/100

159.146.99.162

Location: Turkey, Istanbul, 41
ASN: AS12735 (AydinPOP XdslDynamic)
First Seen: Aug 9, 2024 (672d ago)
Last Seen: Mar 19, 2026 (85d ago)
Reports: 14 source reports
Confidence: 50% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 50%
Signal Score: 50 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

86 techniques

Network Information

Country: TR (Turkey)
Region: Istanbul, 41
ASN: AS12735
Organization: AydinPOP XdslDynamic

Feed Intelligence Summary

Source reports: 14
Confidence score: 50%
Category tags

Activity Timeline

1 total obs (Mar 19 to Mar 19)

Threat Activity Heatmap

Peak: 2026-03-19
[Heatmap: activity by day, Jun through Jun, rows Mon/Wed/Fri, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 50
Confidence: 50%
Reports: 14
First seen: Aug 9, 2024
Last seen: Mar 19, 2026
Geolocation: TR
Country: Turkey
Location: Istanbul, 41
ASN: AS12735
Org: AydinPOP XdslDynamic
Coords: 40.7642, 29.9138

VirusTotal

Not checked

WHOIS

raw
inetnum: 159.146.96.0 - 159.146.99.255
netname: AydinPOP_XdslDynamic
descr: TurkNet-DSL
country: TR
admin-c: TL143-RIPE
tech-c: TL143-RIPE
status: ASSIGNED PA
mnt-by: MNT-TURKNET-MNT
created: 2013-01-10T12:06:24Z
last-modified: 2013-01-10T12:06:24Z
source: RIPE

person: TurkNet LIR
address: TurkNet Iletisim Hizmetleri A.S.
address: Buyukdere Cad. Ercan Han No.121
address: Gayrettepe / Istanbul / Turkey
phone: +90 212 355 17 00
nic-hdl: TL143-RIPE
created: 2009-03-05T10:03:41Z
last-modified: 2011-08-24T12:18:33Z
source: RIPE
mnt-by: MNT-TURKNET-MNT

route: 159.146.0.0/17
origin: AS12735
mnt-by: MNT-TURKNET-MNT
created: 2023-06-15T09:59:40Z
last-modified: 2023-06-15T09:59:40Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 14 threat reports