IOC Radar
IPMediumSignal 61/100

182.156.80.11

Location
IndiaIndia
Bengaluru, Maharashtra
ASN
AS45820
Tata Teleservice ISP
First Seen
Nov 18, 2024
Last Seen
Jun 12, 2026
Nov 18
First Seen
571d ago
Jun 12
Last Seen
today
27
Reports
source reports
61%
Confidence
medium
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

56 techniques

Network Information

CountryINIndia
RegionBengaluru, Maharashtra
ASNAS45820
OrganizationTata Teleservice ISP

Feed Intelligence Summary

27 reports61% confidence
27
Source reports
61%
Confidence score
Category tags
abuseaccess controlaccount compromiseaccount discoveryaccount enumerationaccount profilingaccount takeoveraccount-compromiseactive scanactive scanningadresse ipaptasiaattackattack attemptaustraliaauthenticationauthentication attackauthentication bypassauthentication_attackazure adbad reputationbankingbelgiumbelgium ip addressesblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute-forcebrute-force attackbrute_forcec2 communicationc2 servercisco devicecisco exploitation attemptcloud environmentcloud infrastructurecloud infrastructure attackcloud servicescloud_infrastructurecommand & controlcommand and controlcommunication protocolcompromised credentialscompromised hostcompromised hostsconpot honeypotcowriecowrie honeypotcredential accesscredential attackcredential compromisecredential harvestingcredential stuffingcredential-accesscredential-harvestingcredential_accesscredentialscredit card servicesctadata exfiltrationdata store exposuredata theftdatabase attackddosddos attackdecoy systemdenial of servicedevice managementdigital oceandionaea honeypotdistributed attacksemail-protocolenterprise networkingenumerationenv-huntingeuropeexploit attemptexploitation activityexploited hostexternal remote servicesexternal_threatfinancefinancial servicesfinancial technologyfinlandfinland activityfranceftp brute forceftp brute-forcegermanyhackinghoneynet connecthoneytrap honeypothttp brute forceics securityidentity & access exploitationimapimap attackimap brute forceinindiaindicatorindustrial control systemsinitial accessinjection activityiociocsiot securityiot/ics attackipv4ipv4_activityipv4_addressipv4_trafficlamplamp exploitlateral movementlogin attacklogin attemptlogin attemptslogin-attackmalaysiamalicious activitymalicious ip addressesmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmicrosoft entra idmultiple accounts targetedmultiple usersmultiple users affectednetworknetwork attacksnetwork brute forcenetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork_discoverynginxnorth americaoceaniaopenctipassword attackpassword attackspassword crackingpassword sprayingpassword-attackpassword-guessingpayment processingphishingphishing attackpolandpop3 brute forcepotential-atoprocess injectionproject_gifted1protocol exploitationreconnaissanceremote accessremote servicesremote_accessresearchedresource hijackingsaslsasl authenticationsasl brute forcescannerscannersscanning activityscripting attackssecurity operationssecurity policyself-signedsentrypeer botnetservice enumerationservice scansftp access attemptssftp attacksingaporesip brute forcesip scanningsmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringspamsshssh attackssh monitoringssh-brutet1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1567t1573t1573.001t1583.006t1588.004t1589t1589.002t1590t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp attacktcp brute forcetcp protocoltcp scantcp/22telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotudp scanunauthorized access attemptunauthorized login attemptsunited statesvalid accountsvoipvoip attackvulnerability scanwealth managementweb app attackweb application attackweb attackweb exploitationweb spamworker_strike

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
61
SIGNAL
Signal Score
61%
Confidence
27
Reports
First seenNov 18, 2024
Last seenJun 12, 2026
GeolocationIN
CountryIndia
LocationBengaluru, Maharashtra
ASNAS45820
OrgTata Teleservice ISP
Coords18.9861, 72.8371

VirusTotal

Not checked

WHOIS

description
Wave Strike: Verified SSH Brute-Force targets (500 per pulse) - Segment wave_ab
raw
inetnum: 182.156.64.0 - 182.156.95.255 netname: TTSLMEIS-IN descr: TTSL-ISP DIVISION country: IN org: ORG-TD1-AP admin-c: TTLC1-AP tech-c: TTLC1-AP abuse-c: AT1287-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-IN-TTSLMEIS mnt-routes: MAINT-IN-TTSLMEIS mnt-irt: IRT-TTSLMEIS-IN last-modified: 2020-08-11T13:07:02Z source: APNIC irt: IRT-TTSLMEIS-IN address: TATA TELESERVICES LIMITED address: Voltas Premises, address: A, E & F Blocks, address: Chinchpokli Mumbai e-mail: [email protected] abuse-mailbox: [email protected] admin-c: TTLC1-AP tech-c: TTLC1-AP auth: # Filtered remarks: [email protected] was validated on 2025-08-21 mnt-by: MAINT-IN-TTSLMEIS last-modified: 2025-09-04T05:35:57Z source: APNIC organisation: ORG-TD1-AP org-name: TTSL-ISP DIVISION org-type: LIR country: IN address: D-26 TTC INDUSTRIAL AREA address: MIDC SANPADA address: P.O TURBHE phone: +91-22-66615168 e-mail: [email protected] mnt-ref: APNIC-HM mnt-by: APNIC-HM last-modified: 2024-10-17T12:55:04Z source: APNIC role: ABUSE TTSLMEISIN country: ZZ address: TATA TELESERVICES LIMITED address: Voltas Premises, address: A, E & F Blocks, address: Chinchpokli Mumbai phone: +000000000 e-mail: [email protected] admin-c: TTLC1-AP tech-c: TTLC1-AP nic-hdl: AT1287-AP remarks: Generated from irt object IRT-TTSLMEIS-IN remarks: [email protected] was validated on 2025-08-21 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-08-21T14:46:47Z source: APNIC role: TATA TELESERVICES LTD -- CDMA - network administr address: D26/2 TTC INDUSTRIAL AREA MIDC SANPADA country: IN phone: +91 2267438600 fax-no: +91 22-67438752 e-mail: [email protected] admin-c: KS1338-AP tech-c: KS1338-AP nic-hdl: TTLC1-AP mnt-by: MAINT-TATAINDICOM-IN last-modified: 2024-04-16T13:58:02Z source: APNIC route: 182.156.80.0/24 origin: AS45820 descr: TTSL-ISP DIVISION A,D 26 TTC INDUSTRIAL AREA MIDC SANPADA P.O TURBHE mnt-by: MAINT-IN-TTSLMEIS last-modified: 2021-04-12T06:42:46Z source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen today
Appeared in 27 threat reports