IOC Radar
IP | Medium | Signal 27/100

185.47.66.78

Location: Rumia, Pomerania, Poland
ASN: AS60191 (NOWATEL Sp. z o.o.)
First Seen: Feb 12, 2024 (854d ago)
Last Seen: Apr 9, 2026 (67d ago)
Reports: 10 source reports
Confidence: 27% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 27%
Signal Score: 27 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

41 techniques

Network Information

Country: PL (Poland)
Region: Rumia, Pomerania
ASN: AS60191
Organization: NOWATEL Sp. z o.o.

Feed Intelligence Summary

Source reports: 10
Confidence score: 27%
Category tags
active scan, active scanning, adbhoney attacks, adbhoney honeypot, attack, bad reputation, blacklisted ip addresses, botnet, botnet activity, brute force, brute force attack, c2, command & control, command and control, communication protocol, compromised host, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, database security, ddos, decoy system, dionaea honeypot, dionaea malware collection, distributed attacks, europe, exploitation activity, ftp, ftp brute force, http scanner, https, identity & access exploitation, indicator, injection activity, injection attacks, intrusion detection, mailoney email attacks, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, malware detection, malware distribution, network, network intrusion attempts, network scanning, network security, network traffic, password attacks, phishing, phishing attack, phishing trap, pl, poland, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, scanner, sftp attack, shell access attempts, social engineering, spam, ssh attack, ssh monitoring, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1071, t1071.001, t1076, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1195.001, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1583.001, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner web attacks, telnet threat, threat actor, threat intelligence, tor node, web traffic

Activity Timeline

1 total obs, Apr 9

Threat Activity Heatmap

Peak: 2026-04-09
[Calendar heatmap, Jun through Jun of the following year; scale: Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 27
Confidence: 27%
Reports: 10
First seen: Feb 12, 2024
Last seen: Apr 9, 2026
Geolocation: PL
Country: Poland
Location: Rumia, Pomerania
ASN: AS60191
Org: NOWATEL Sp. z o.o.
Coords: 54.5709, 18.3880

VirusTotal

Not checked

WHOIS

description
2025-03-12T22:52:31.795Z Honeypot : Heralding : Source: 185.47.66.78 : Username/Password: adMIN/lonelyword Port: 1080 Message: 2025-03-12 22:52:31.795261,844238e5-5060-4c53-9251-180e2d0273ca,e0c081ab-95d0-4b72-82c9-d0aed407c1d6,185.47.66.78,52575,99.18.26.21,1080,socks5,adMIN,lonelyword,
raw
inetnum: 185.47.66.0 - 185.47.67.255
netname: NOWATEL-NET1
descr: NOWATEL Sp. z o.o.
country: PL
admin-c: SC15658-RIPE
tech-c: SC15658-RIPE
status: ASSIGNED PA
mnt-by: NOWATEL
created: 2014-02-07T14:45:15Z
last-modified: 2014-02-07T14:45:15Z
source: RIPE

person: Stanislaw Czech
address: Chylo?ska 10
address: Rumia 84-230
phone: +48587322591
nic-hdl: SC15658-RIPE
mnt-by: NOWATEL
created: 2013-12-04T08:09:51Z
last-modified: 2013-12-04T08:09:51Z
source: RIPE # Filtered

route: 185.47.66.0/23
descr: NOWATEL Sp. z o.o.
origin: AS60191
mnt-by: NOWATEL
created: 2014-02-08T07:37:03Z
last-modified: 2014-02-08T07:37:03Z
source: RIPE
references
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 10 threat reports