IOC Radar
IP | Medium | Signal 55/100

178.20.181.208

Location: Kazakhstan, Astana, YAR
ASN: AS58172 (FREEDOMTELECOM)
First Seen: Jul 17, 2025 (329d ago)
Last Seen: May 28, 2026 (14d ago)
Reports: 9 source reports
Confidence: 55% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Network Information

Country: KZ (Kazakhstan)
Region: Astana, YAR
ASN: AS58172
Organization: FREEDOMTELECOM

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 9
Confidence score: 55%
Category tags:
abuse, abuse detection, access control, active scan, active scanning, aerospace & defense, asia, attack, australia, bad reputation, bad web bot, banking, blacklist candidate, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, bruteforce, command and control, command execution, command injection, communication protocol, communication technologies, consumer goods, cowrie, cowrie honeypot, credential access, credential stuffing, credential theft, credit card services, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attacks, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, dhcp, dhcp attack, dionaea, dionaea honeypot, distributed attacks, dns, dns attack, elasticsearch, elasticsearch brute force, encryption, europe/asia, exploit, exploitation activity, exploited host, fatt, finance, financial services, financial technology, fraud, fraud detection, fraudulent activity, ftp, ftp attacks, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, imap, imap brute force, indicator, information gathering, information technology, initial access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, ipqs, it infrastructure, kazakhstan, lateral movement, ldap, ldap brute force, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, malware detection, malware distribution, media, memcache brute force, military operations, mirai botnet, mobile carriers, mobile networks, mssql, mssql brute force, national security, network, network attacks, network intrusion attempts, network monitoring, network probe, network probing, network protocol, network scan, network scanning, network security, ntp, ntp attack, oceania, oracle, oracle brute force, p0f, password attacks, payment processing, phishing, phishing attack, phishing trap, postgres brute force, process injection, protocol exploitation, proxy, proxy detection, rdp exploitation, reconnaissance, redis brute force, remote access, remote services, researched, resource hijacking, retail trade, russia, scams & fraud, scan, scanner, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, server exploitation, smb brute force, smtp, social engineering, socks5, socks5 proxy, software development, spam, spamming, sql injection, ssh attack, ssh attacks, ssh exploitation, ssh monitoring, t1021, t1021.001, t1021.002, t1040, t1046, t1055, t1059, t1059.003, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1195, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1550.003, t1562, t1563, t1565, t1566, t1567.001, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, telecom services, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor detection, tor node, tpot, vnc protocol, voip, voip attack, vpn, vpn detection, wealth management, web app attack, web application attack, web attack, web attacks, web exploitation, web exploits, web spam, web traffic

Activity Timeline

1 total obs: May 28

Threat Activity Heatmap

[Heatmap: daily activity by weekday, Jun to Jun. Peak: 2026-05-28]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 9
First seen: Jul 17, 2025
Last seen: May 28, 2026
Geolocation: KZ
Country: Kazakhstan
Location: Astana, YAR
ASN: AS58172
Org: FREEDOMTELECOM
Coords: 57.6662, 39.6851
Proxy, VPN

VirusTotal

Not checked

WHOIS

description: seen in Dionaea honeypot logs; events=45; services=smbd; ports=445; cc=KZ; asn=58172; asn_org=Freedom Data Centers LLP

raw:
inetnum: 178.20.181.0 - 178.20.181.255
netname: KZ-FREEDOMTELECOM-7252
geoloc: 42.34168 69.5901
country: KZ
admin-c: FTL23-RIPE
tech-c: FTL23-RIPE
status: SUB-ALLOCATED PA
mnt-by: lir-kz-FreedomTelecom-MNT
created: 2024-07-04T12:03:01Z
last-modified: 2024-07-04T12:03:01Z
source: RIPE

role: FTEL Tech Team
address: Turan Avenue, 19/2, n. p. 14
nic-hdl: FTL23-RIPE
mnt-by: lir-kz-FreedomTelecom-MNT
created: 2024-02-09T10:41:12Z
last-modified: 2024-07-23T07:20:31Z
source: RIPE # Filtered

route: 178.20.181.0/24
origin: AS58172
mnt-by: lir-kz-FreedomTelecom-MNT
created: 2024-07-03T04:34:05Z
last-modified: 2024-07-03T04:34:05Z
source: RIPE

references: https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 10 months ago · Last seen 14 days ago
Appeared in 9 threat reports