IOC Radar
IP · Medium · Signal 97/100

185.206.81.149

Location: Iraq (Erbil, Erbil Governorate)
ASN: AS210021 (DIL)
First Seen: Dec 5, 2023 (934d ago)
Last Seen: Feb 3, 2026 (144d ago)
Reports: 11 source reports
Confidence: 97% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 97%
Signal Score: 97 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

26 techniques

Network Information

Country: IQ (Iraq)
Region: Erbil, Erbil Governorate
ASN: AS210021
Organization: DIL

Feed Intelligence Summary

Source reports: 11
Confidence score: 97%
Category tags: active scanning, adbhoney honeypot, asia, attack, botnet, brute force, command and control, communication protocol, compromised credentials, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, data exfiltration, database security, decoy system, dionaea honeypot, dionaea interactions, dionaea malware analysis, distributed attacks, elasticpot honeypot, elasticsearch monitoring, heralding attack pattern, indicator, iq, iraq, lateral movement, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network intrusion attempts, network scanning, network security, phishing, phishing attack, phishing trap, process injection, python script activity, reconnaissance, researched, resource hijacking, scanner, sentrypeer botnet, sftp attack, social engineering, ssh attack, ssh monitoring, t1021, t1040, t1041, t1046, t1055, t1059, t1071.001, t1078, t1110, t1110.002, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, threat actor, threat intelligence, voip, voip attack

Activity Timeline

1 total obs · Feb 3 to Feb 3

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through the following Jun] · Peak: 2026-02-03

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 97
Confidence: 97%
Reports: 11
First seen: Dec 5, 2023
Last seen: Feb 3, 2026
Geolocation: IQ
Country: Iraq
Location: Erbil, Erbil Governorate
ASN: AS210021
Org: DIL
Coords: 36.1898, 44.0157

VirusTotal

Not checked

WHOIS

description
2025-04-21T04:35:15.604Z Honeypot : Heralding : Source: 185.206.81.149 : Username/Password: admIn3332/12345678 Port: 1080 Message: 2025-04-21 04:35:15.604629,da0123a9-aa2c-436e-bada-5ff037af3171,065d1905-43d8-4cf6-82f4-5de5a922c568,185.206.81.149,53577,99.18.26.18,1080,socks5,admIn3332,12345678,
raw
inetnum: 185.206.81.0 - 185.206.81.255
netname: DIL
country: IQ
admin-c: MK23987-RIPE
tech-c: MK23987-RIPE
status: ASSIGNED PA
mnt-by: iq-diltechnology-1-MNT
created: 2021-08-11T05:37:54Z
last-modified: 2022-02-22T11:40:04Z
source: RIPE

role: Marwan Salih
address: Erbil, Pirmam road, Erbil Media City
address: 44001
address: Erbil
address: IRAQ
phone: +9647501877997
nic-hdl: MK23987-RIPE
mnt-by: iq-diltechnology-1-MNT
created: 2020-12-07T16:51:50Z
last-modified: 2024-02-25T11:54:13Z
source: RIPE # Filtered

route: 185.206.81.0/24
origin: AS210021
mnt-by: iq-diltechnology-1-MNT
created: 2020-09-14T12:07:48Z
last-modified: 2022-02-22T11:52:22Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 2 years ago · Last seen 4 months ago
Appeared in 11 threat reports