IOC Radar
IPMediumSignal 87/100

181.94.229.11

Location
ParaguayParaguay
Caaguazú, ASU
ASN
AS27895
Telecom Personal Bs
First Seen
Jan 27, 2026
Last Seen
May 25, 2026
Jan 27
First Seen
138d ago
May 25
Last Seen
21d ago
12
Reports
source reports
87%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

10 techniques

Network Information

CountryPYParaguay
RegionCaaguazú, ASU
ASNAS27895
OrganizationTelecom Personal Bs

IP Category

Proxy
Proxy server

Feed Intelligence Summary

12 reports87% confidence
12
Source reports
87%
Confidence score
Category tags
abuseactive scanactive scanningaptbad reputationbad web botbotnet activitybrute forcebrute force attackbrute-forcebruteforcecredential accesscredential stuffingddosdenial of servicedigital oceanexploitation activityexploited hostftp brute-forcehackingidentity & access exploitationindicatoriot securityiot targetednetworkparaguaypassword attacksportscanproxyreconnaissanceresearchedscannerscannersservice scant1110.001t1110.002t1110.003t1110.004t1190t1203t1499.001t1595.001t1595.002t1595.003threat actortor nodevultrweb application attackweb exploitation

Activity Timeline

1 total obs
May 25May 25

Threat Activity Heatmap

· Peak: 2026-05-25
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
87
SIGNAL
Signal Score
87%
Confidence
12
Reports
First seenJan 27, 2026
Last seenMay 25, 2026
GeolocationPY
CountryParaguay
LocationCaaguazú, ASU
ASNAS27895
OrgTelecom Personal Bs
Coords-25.2869, -57.6511
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
inetnum: 181.94.224.0/21 status: allocated aut-num: AS27895 owner: Núcleo S.A. ownerid: PY-NUSA-LACNIC responsible: Omar Monges address: Maximo Lira, 522, address: 8605 - Asuncion - CE country: PY phone: +595 21 2199000 owner-c: SES52 tech-c: SES52 abuse-c: SES52 inetrev: 181.94.224.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 nserver: NS2.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 nserver: NS3.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 nserver: NS4.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 inetrev: 181.94.225.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260407 AA nslastaa: 20260407 nserver: NS2.PERSONAL.NET.PY nsstat: 20260407 AA nslastaa: 20260407 nserver: NS3.PERSONAL.NET.PY nsstat: 20260407 AA nslastaa: 20260407 nserver: NS4.PERSONAL.NET.PY nsstat: 20260407 AA nslastaa: 20260407 inetrev: 181.94.226.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 nserver: NS2.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 nserver: NS3.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 nserver: NS4.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 inetrev: 181.94.227.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS2.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS3.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS4.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 inetrev: 181.94.228.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 nserver: NS2.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 nserver: NS3.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 nserver: NS4.PERSONAL.NET.PY nsstat: 20260410 AA nslastaa: 20260410 inetrev: 181.94.229.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 nserver: NS2.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 nserver: NS3.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 nserver: NS4.PERSONAL.NET.PY nsstat: 20260408 AA nslastaa: 20260408 inetrev: 181.94.230.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS2.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS3.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS4.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 inetrev: 181.94.231.0/24 nserver: NS1.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS2.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS3.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 nserver: NS4.PERSONAL.NET.PY nsstat: 20260409 AA nslastaa: 20260409 created: 20110919 changed: 20231207 nic-hdl: SES52 person: Sergio Da Silva e-mail: [email protected] address: Maximo Lira, 522, address: 0000 - Asuncion - Ce country: PY phone: +595 21 2199225 created: 20140805 changed: 20211228
references
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-15/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-10/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 21 days ago
Appeared in 12 threat reports