IOC Radar
IPMediumSignal 68/100

169.255.72.169

Location
CongoCongo
Brazzaville, 9
ASN
AS327829
Hotel HilTON
First Seen
Jul 7, 2025
Last Seen
Mar 28, 2026
Jul 7
First Seen
342d ago
Mar 28
Last Seen
78d ago
8
Reports
source reports
68%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

86 techniques

Network Information

CountryCGCongo
RegionBrazzaville, 9
ASNAS327829
OrganizationHotel HilTON

Feed Intelligence Summary

8 reports68% confidence
8
Source reports
68%
Confidence score
Category tags
ableacceptaccess typeactiveactive scanactive scanningadbhoney honeypotalertsamerica flagapacheapi callapisaptasciiascii textattackautomated brute forceav detectionav detectionsbackdoorbad reputationbaidubccwpblacklisted ipbodybotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attacksbrute_forcec2 communicationcallscastleratcctvcctv exploitationcertchlg urlck idck matrixck techniquesclick-based attackcommandcommand & controlcommand and controlcommand injectioncommand injection attemptscommunication protocolcommunication technologiescompromised hostscongoconnected devicesconpot honeypotcontrol attcontrol defensecowrie honeypotcredential accesscredential harvestingcredential stuffingcredential_accesscross-site scriptingcvecve exploitationdata exfiltrationdata store exposuredatabase securityddosddos attacksddos botdecoy systemdefense evasiondevice managementdionaea honeypotdirectory traversaldistributed attacksdns attackdvrdvr exploitationeabi4 versionenumerationeuropeeurope/asiaexploitexploit attemptsexploit scanningexploit shotgunexploitation activityexploitsfake claude codefalcon sandboxfilesfirst seenformatftpgermanyget requestget request attacksguest systemhoneytrap honeypothttp attackhttp scannerhybridicsics securityidentity & access exploitationids detectionsindicatorindicators showindustrial control systemsindustrial iotingress tool transferinjection activityinjection attacksinput validation bypassinternet of thingsiociot analyticsiot applicationsiot botnetiot device targetingiot platformsiot securityiot/ics attackipphoney honeypotipv4ipv4 addis__elfkvt49llamplast seenlateral movementlearnlinuxlocal file inclusionlogin brute forcelogolsb executablemac catalinamailoney honeypotmalicious activitymalicious linksmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmediamedium riskmipsmipsi versionmirai botnetmitre attmobile carriersmobile networksmodelmsb executablename tacticsnetworknetwork compromisenetwork devicenetwork probingnetwork scanningnetwork securitynetwork_reconnaissancenorth americanumbernvrnvr exploitationopenopen threatoperation ghostmailoperational disruptionpasspassive dnspassword attackspassword crackingpath traversalpersistent network compromisephishingphishing attackphishing trappolandpossible intrusionpost requestpost request attackspost-exploitationprocess injectionprotocol exploitationpulse pulsespwn2own exploitationpwn2own vulnerabilitiesransomwareratrce attemptsreadsreconnaissancerelated pulsesremoteremote accessremote code executionremote file inclusionremote servicesresearchedresource hijackingreverse dnsriskrolerole titlerondodox botnetrouterrouter exploitationscams & fraudscanning activityscanning hostsearchsentrypeer botnetsftp attackshell executionshellshocksmart devicessocial engineeringsourcespamspam botsql injection attemptsssh attackssh monitoringstatussysvt1003t1005t1007t1010t1012t1021t1021.001t1027t1033t1040t1041t1046t1047t1055t1057t1059t1059.003t1059.004t1068t1071t1071.001t1072t1076t1078t1082t1083t1087.003t1088t1102t1105t1106t1110t1110.001t1110.002t1110.003t1110.004t1113t1114.003t1129t1133t1189t1190t1203t1204.001t1204.002t1205t1205.001t1210t1222t1480t1486t1496t1497t1498t1499.001t1499.002t1499.003t1546t1547t1558t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1569t1569.001t1571t1572t1573t1573.001t1574t1583.005t1587t1587.001t1588t1588.002t1592t1595t1595.001t1595.002t1595.003t1614tagstannertelecom servicestelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetoolstor nodetrend microtrojan malwareturkeytypetype indicatorunitedunited statesunixunk_nightowlurlsuser executionusrbinls lusrbinrm fusrbinrm rfvaluevoipvoip attackvulnerability scanweb application attackweb application exploitationweb securityweb serverweb server compromiseweb trafficwindirx86 x8664x8632xmrigyara detectionszdizero

Activity Timeline

1 total obs
Mar 28Mar 28

Threat Activity Heatmap

· Peak: 2026-03-28
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
8
Reports
First seenJul 7, 2025
Last seenMar 28, 2026
GeolocationCG
CountryCongo
LocationBrazzaville, 9
ASNAS327829
OrgHotel HilTON
Coords-4.1997, 12.6739

VirusTotal

Not checked

WHOIS

description
IP addresses associated with Injected URL - cgi-bin RFI attempt
raw
inetnum: 169.255.72.168 - 169.255.72.175 netname: Hotel-HilTON descr: Hotel HilTON block country: CG admin-c: RM28-AFRINIC tech-c: RM28-AFRINIC status: ASSIGNED PA mnt-by: SKYTIC-MNT source: AFRINIC # Filtered parent: 169.255.72.0 - 169.255.75.255 person: Renauldit MAUNE address: Conakry 224 address: GN address: Conakry address: Guinea phone: tel:+224-664-22-25-12 phone: tel:+224-664-22-25-31 nic-hdl: RM28-AFRINIC mnt-by: GENERATED-WMDSMU2SNQ4LSKQRBCZI9BWEN6J8RAFL-MNT source: AFRINIC # Filtered route: 169.255.72.0/24 descr: Skytic Telecom origin: AS327829 mnt-by: SKYTIC-MNT source: AFRINIC # Filtered

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 2 months ago
Appeared in 8 threat reports