IPMediumSignal 72/100
170.79.37.88
Location
PeruSanta Anita - Los Ficus, Lima region
ASN
AS6147
INTEGRATEL PERÚ S.A.A
First Seen
Feb 19, 2024
Last Seen
Jun 6, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryPeru
PeruRegionSanta Anita - Los Ficus, Lima region
ASNAS6147
OrganizationINTEGRATEL PERÚ S.A.A
Feed Intelligence Summary
29 reports72% confidence
29
Source reports
72%
Confidence score
Category tags
abuseaccess controlaccess_violationaccount compromiseactive scanactive scanninganomalous network connectionsapacheapache attackerapplication layer protocolaptasiaattackattack origin: gbattack sourceattack vectorsattacker ipattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication failuresauthentication-attemptsauthentication_bypassauthentication_failuresautomated attackautomated attack attemptsautomated attacksautomated-attackbad reputationbad web botbanner-grabbingblock listblock.txtblocklistblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force authenticationbrute-forcebrute_forcebruteforcec2c2 communicationc2 serverchina mobilecisco devicecisco device attackcisco exploitation attemptcisco exploitation attemptscliftoncloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncode-injectioncolumnscommand & controlcommand and controlcommand executioncommunication protocolcommunity-sharedcompany limitedcompromised credentialscompromised hostcompromised hostscompromised systemscowriecowrie datacowrie honeypotcowrie interactionscredential accesscredential attackcredential attackscredential harvestingcredential stuffingcredential stuffing attemptscredential-stuffingcredential_accesscredential_stuffingcredentialsctadaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedenial-of-service attemptdevice managementdictionary attackdigital oceandigitalocean vpsdionaeadionaea honeypotdionaea interactionsdionaea payloadsdistributed attacksencryptionenterprise networkingenumerationeuropeexecutable fileexploitexploit attemptsexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploited hostexport-to-otxexternal remote servicesexternal threatexternal-scanningexternal_threatfail2ban alertfail2ban logfail2ban triggeredfailed authenticationfailed login attemptsfattfatt detectionsfatt signaturesfilefinlandfranceftpftp brute forceftp brute-forceftp_brute_forcegame_servergermanyhackinghk abusehandlerhoneynet connecthoneypot 24h activityhoneytrap eventshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttpshurricane usidentity & access exploitationindiaindicatorinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinitial-accessinjection activityinjection attacksinternet-wide scanintrusion detectioniociot securityiot targetedip-addressipv4ipv4_addressit infrastructurekill-chain exploitationkill-chain reconnaissancelamplamp server targetinglamp stacklamp stack targetinglateral movementlinux server targetinglinux systemslinux-server-attackslog analysislogin attacklogin attemptlogin attemptslogin failurelow-riskmailmailoney eventsmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious file transfermalicious ip activitymalicious ipsmalicious loginmalicious payloadmalicious script executionmalicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalicious-activitymalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmanualmispmod securitymssqlmultiple_failed_loginsnetworknetwork accessnetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork intrusionsnetwork layer protocolnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork traffic analysisnetwork-reconnaissancenetwork_intrusionnetwork_reconnaissancenetwork_scanningnetwork_service_exploitationnorth americanoticeoceaniaosintp0fp0f signaturespassword attackpassword attackspassword crackingpassword sprayingpassword-guessingpassword_attackpassword_guessingperupgp signphishingphishing attackphishing trapping of deathpolandport-scanport-scanningportscanpossible botnet activitypossible malware distributionpotential intrusion attemptpotential malware uploadpotential_intrusionprocess injectionprotocol exploitationpublicly accessible infrastructureransomwarereconnaissancereconnaissance activityremote accessremote access attackremote access attemptremote serviceremote service exploitationremote servicesremote_accessresearchresearchedresource hijackingscanscannerscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice exploitationservice scansftp access attemptsftp attacksftp exploitation attemptsshell command executionsip brute forcesip scanningsmb brute forcesmtpsmtp attacksmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradar honeypotsoftware developmentsouth americaspamsql injectionsql-injectionsshssh attackssh bruteforcessh monitoringssh-brutessh_brute_forcestaging_serversuricata alertsswedensystem accesst1003t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1199t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1550t1550.002t1552.001t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1573t1573.001t1587.001t1588.004t1589t1589.002t1590t1590.001t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner eventstanner interactionstargeting databasetcp protocoltcp scantcp-scanningtelecommunicationstelnettelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat preventionthreat_intelligencetimeouttop10.txttopips.txttor nodetpotudp port scanudp scanudp-scanningunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunauthorized login attemptunauthorized_access_attemptunited kingdomunited statesus abuseus nonevalid accountsvoidtrapvoipvoip attackvpsvulnerability scanvulnerability-scanvultrweb app attackweb application attackweb attackweb exploitweb exploitationweb spamweb trafficweb-attack
Activity Timeline
Jun 6Jun 6
Threat Activity Heatmap
· Peak: 2026-06-06LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
72
SIGNAL
Signal Score
72%
Confidence
29
Reports
First seenFeb 19, 2024
Last seenJun 6, 2026
GeolocationPE
CountryPeru
LocationSanta Anita - Los Ficus, Lima region
ASNAS6147
OrgINTEGRATEL PERÚ S.A.A
Coords-12.0505, -76.9734
VirusTotal
Not checked
WHOIS
- description
- Bruteforce hitting the server at TCP port 22 SSH. Same IP should not appear more than once in 24 hours in this list.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 7 days ago
Appeared in 29 threat reports