IOC Radar
IP · Medium · Signal 65/100

176.29.154.32

Location: Amman, Al 'Asimah, Jordan
ASN: AS48832 (ZAIN)
First Seen: Jun 22, 2023 (1098d ago)
Last Seen: Jun 13, 2026 (11d ago)
Reports: 15 source reports
Confidence: 65% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

54 techniques

Network Information

Country: JO (Jordan)
Region: Amman, Al 'Asimah
ASN: AS48832
Organization: ZAIN

Feed Intelligence Summary

Source reports: 15
Confidence score: 65%
Category tags
abuse, access, access control, active scan, active scanning, apt, asia, attack, attack source ip, attacker ips, attacker-ip, australia, auto-generated security, bad reputation, bad web bot, blacklist candidate, blog spam, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacks, brute force attempts, brute-force, bruteforce, c2, c2 communication, china, cisco, cisco device, cisco exploitation, cisco exploitation attempt, command & control, command and control, command injection, communication protocol, compromised host, connect, cowrie, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attacks, decoy system, denial of service, device management, digital ocean, dionaea, dionaea activity, dionaea honeypot, distributed attacks, dns, dns attack, email, encryption, enterprise networking, europe, exploit, exploit public-facing application, exploitation activity, exploited host, fatt, france, ftp, ftp brute force, groups, hacking, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, indicator, infrastructure acquisitionreconnaissance, initial access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, jo, jordan, lamp, lamp exploitation, lamp exploitation attempts, lateral movement, lcia, mailoney honeypot, malicious activity, malicious communication, malicious domains, malicious ip, malicious ips, malicious software, malware, malware behaviour, malware capture, malware distribution, manual, mirai, mirai botnet, mssql, mssql brute force, network, network attacks, network enumeration, network infrastructure, network intrusion attempts, network probing, network protocol, network scan, network scanning, network security, network traffic analysis, north america, oceania, p0f, password attacks, phishing, phishing attack, phishing trap, portscan, potential malware distribution, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, resource hijacking, scan, scanner, scanners, scanning activity, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, service scan, sftp, sftp attack, sftp attempt, singapore, sip, sip attacks, sip brute force, sip scanning, slug, smb, smb brute force, smtp, smtp brute force, social engineering, spam, sql injection, ssh, ssh attack, ssh monitoring, surface web, t-pot, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1053, t1055, t1059, t1059.003, t1059.007, t1068, t1071, t1071.001, t1071.004, t1077, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1187, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1583, t1587.001, t1588, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, unauthorized access, unauthorized access attempt, united kingdom, united states, voip, voip attack, vulnerability scan, vulnerability-exploitation, web application attack, web attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs (Jun 13 to Jun 13)

Threat Activity Heatmap

· Peak: 2026-06-13
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 15
First seen: Jun 22, 2023
Last seen: Jun 13, 2026
Geolocation: JO
Country: Jordan
Location: Amman, Al 'Asimah
ASN: AS48832
Org: ZAIN
Coords: 30.9966, 35.9974

VirusTotal

Not checked

WHOIS

description
Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.29.154.32 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).
raw
inetnum: 176.29.0.0 - 176.29.255.255
netname: JO-ZAIN
descr: Broadband Service
country: JO
admin-c: ND2932-RIPE
tech-c: ND2932-RIPE
status: ASSIGNED PA
mnt-by: LINKDOTNET-RIPE-MNT
created: 2015-07-05T09:11:21Z
last-modified: 2015-07-05T09:11:21Z
source: RIPE

role: Network Department
address: Amman Jordan
abuse-mailbox: [email protected]
nic-hdl: ND2932-RIPE
mnt-by: LINKDOTNET-RIPE-MNT
created: 2015-06-09T09:06:42Z
last-modified: 2019-09-01T08:50:53Z
source: RIPE # Filtered

route: 176.29.154.0/24
descr: Zain_Jordan_Customers
origin: AS48832
remarks:
mnt-by: LINKdotNET-RIPE-MNT
created: 2022-01-25T09:27:13Z
last-modified: 2022-01-25T09:27:13Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net


IOC Journey

medium
First detected 3 years ago · Last seen 11 days ago
Appeared in 15 threat reports