IOC Radar
IP · Medium · Signal 62/100

168.227.85.94

Location
Brazil
Várzea Paulista, São Paulo
ASN
AS263544
Varzea NET Telecomunicacoes Ltda ME
First Seen
May 31, 2025 (392d ago)
Last Seen
Sep 1, 2025 (299d ago)
Reports
13 source reports
Confidence
62% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

45 techniques

Network Information

Country: Brazil (BR)
Region: Várzea Paulista, São Paulo
ASN: AS263544
Organization: Varzea NET Telecomunicacoes Ltda ME

Feed Intelligence Summary

13 source reports · 62% confidence score
Category tags
abuse, access control, account compromise, active scanning, asia, attack, authentication attacks, block list, botnet, brazil, brute force, brute force attack, brute force attempt, brute force attempts, c2 communication, c2 server, china mobile, cloud infrastructure, cloud infrastructure attack, cloud services, columns, command and control, communication protocol, communication technologies, company limited, compromised host, compromised hosts, compromised systems, cowrie honeypot, credential access, credential stuffing, data exfiltration, data theft, ddos, ddos attack, ddos attacks, decoy system, denial of service, distributed attacks, enumeration, europe, exploit, exploit attempts, exploitation, exploitation attempts, ftp, ftp brute force, hacking, hk abuse, handler, hong kong, http brute force, http scanner, http scanning, indicator, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, lamp, lateral movement, malicious activity, malicious ip activity, malicious network activity, malicious software, malware, malware distribution, malware propagation, malware scanning, mirai botnet, mobile carriers, mobile networks, network, network attacks, network intrusion, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, password attack, password attacks, password spraying, pgp sign, poland, potential malware upload, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, resource hijacking, scan, scanner, scanning activity, security operations, security policy, sftp attack, smtp, smtp brute force, smtp scanning, socradar honeypot, south america, spam, sql injection attempts, ssh attack, ssh monitoring, t1016, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1056.001, t1059, t1059.001, t1071, t1071.001, t1076, t1078, t1078.001, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1199, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1563, t1565, t1573, t1573.001, t1588, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telecom services, telecommunications, telnet threat, threat actor, threat feed, threat intelligence, threat prevention, timeout, us abuse, us none, web traffic

Activity Timeline

1 total obs
Sep 1

Threat Activity Heatmap

Peak: 2025-09-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 62 (Medium Risk)
Signal Score: 62
Confidence: 62%
Reports: 13
First seen: May 31, 2025
Last seen: Sep 1, 2025
Geolocation: BR
Country: Brazil
Location: Várzea Paulista, São Paulo
ASN: AS263544
Org: Varzea NET Telecomunicacoes Ltda ME
Coords: -23.5471, -46.6372

VirusTotal

Not checked

WHOIS

description
Data Sources: https://feeds.dshield.org/feeds/topips.txt https://feeds.dshield.org/feeds/top10.txt https://feeds.dshield.org/feeds/block.txt https://feeds.dshield.org/feeds/daily_sources THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 9 months ago
Appeared in 13 threat reports