IOC Radar
IPMediumSignal 42/100

176.28.201.236

Location
JordanJordan
Amman, AM
ASN
AS48832
ZAIN
First Seen
Feb 21, 2025
Last Seen
Apr 24, 2026
Feb 21
First Seen
478d ago
Apr 24
Last Seen
52d ago
17
Reports
source reports
42%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryJOJordan
RegionAmman, AM
ASNAS48832
OrganizationZAIN

Feed Intelligence Summary

17 reports42% confidence
17
Source reports
42%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningasnattackaustraliaauthenticationauthentication attackauthentication attacksauthentication failurebad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute-forcbrute-forcebrute_forcecliftoncocos (keeling) islandscommand and controlcommunication protocolcompromise attemptcompromised credentialscowrie honeypotcredential accesscredential stuffingctadata exfiltrationdata store exposureddosddos attemptdecoy systemdenial of servicedigitalocean vpsdistributed attackseuropeexploitation activityfail2ban triggeredfailed loginftpftp brute forceftp brute-forcegeographic locationgeoiphackinghttp scanneridentity & access exploitationindicatorinfoinformation technologyinjection activityit infrastructurejojordanlogin attacklogin attemptlogin attemptslogin_failuremalicious activitymalicious softwaremalwarenetworknetwork intrusionnetwork reconnaissancenetwork scannetwork scanningnetwork security monitoringnoticeoceaniapassword attackpassword attacksphishingpotential_intrusionprocess injectionreconnaissanceremote accessresearchedscannersecurity operationssecurity policyself-signedserver attacksftp attacksmtpsmtp brute forcesoftware developmentsshssh attackssh brute-force attemptssh monitoringt1021t1021.001t1021.004t1040t1041t1046t1055t1059t1059.004t1071t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1588t1588.002t1589t1589.002t1595t1595.001t1595.002t1595.003threat actorthreat intelligencethreat preventiontor nodeunited kingdomutc+1:00vpsvps securityweb applicationweb application attackweb exploitationweb traffic

Activity Timeline

1 total obs
Apr 24Apr 24

Threat Activity Heatmap

· Peak: 2026-04-24
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
42
SIGNAL
Signal Score
42%
Confidence
17
Reports
First seenFeb 21, 2025
Last seenApr 24, 2026
GeolocationJO
CountryJordan
LocationAmman, AM
ASNAS48832
OrgZAIN
Coords31.9522, 35.9390

VirusTotal

Not checked

WHOIS

description
timestamp=2025-05-30 22:37:25,595 CC=JO ASN=48832 Jordanian mobile phone services Ltd latitude=31.9555 longitude=35.9435
raw
inetnum: 176.28.128.0 - 176.28.255.255 netname: JO-ZAIN country: JO admin-c: ND2932-RIPE tech-c: ND2932-RIPE status: ASSIGNED PA mnt-by: LINKdotNET-RIPE-MNT mnt-by: LINK-RIPE-MNT created: 2016-12-22T07:33:19Z last-modified: 2016-12-22T07:33:19Z source: RIPE role: Network Department address: Amman Jordan abuse-mailbox: [email protected] nic-hdl: ND2932-RIPE mnt-by: LINKDOTNET-RIPE-MNT created: 2015-06-09T09:06:42Z last-modified: 2019-09-01T08:50:53Z source: RIPE # Filtered route: 176.28.128.0/17 descr: ZAIN-JO origin: AS48832 remarks: mnt-by: LINKdotNET-RIPE-MNT created: 2017-10-05T11:52:43Z last-modified: 2017-10-05T11:52:43Z source: RIPE
references
https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 17 threat reports