IOC Radar
IP · Medium · Signal 28/100

185.53.90.97

Location
Estonia
Tallinn, Harjumaa
ASN
AS3920
ESTOXY OU
First Seen
Apr 24, 2024
Last Seen
Mar 24, 2026
Reports
6 source reports
Confidence
28% (medium)
Found in 6 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
28%
Signal Score
28 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

24 techniques

Network Information

Country: EE, Estonia
Region: Tallinn, Harjumaa
ASN: AS3920
Organization: ESTOXY OU

Feed Intelligence Summary

Source reports: 6
Confidence score: 28%
Category tags
active scanning, attack, belize, botnet, brute force, cisco device, cisco exploitation attempt, command and control, communication protocol, conpot honeypot, cowrie honeypot, credential access, credential stuffing, data exfiltration, decoy system, device management, dionaea honeypot, distributed attacks, enterprise networking, estonia, europe, exploit probing, ftp, ftp brute force, honeytrap honeypot, http scanning, ics security, indicator, industrial control systems, initial access, iot/ics attack, ipphoney honeypot, lamp, lamp exploit attempt, lithuania, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network infrastructure, network intrusion, network scanning, network security, potential compromise, process injection, protocol abuse, reconnaissance, remote services, researched, resource development, resource hijacking, sentrypeer botnet, sftp attack, sip brute force, sip scanning, ssh attack, ssh monitoring, t1021, t1040, t1041, t1046, t1055, t1059, t1068, t1071.001, t1078, t1110, t1110.002, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1583, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, threat actor, threat detection, threat intelligence, unauthorized access, voip, voip attack

Activity Timeline

1 total obs, Mar 24

Threat Activity Heatmap

Peak: 2026-03-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 28
Confidence: 28%
Reports: 6
First seen: Apr 24, 2024
Last seen: Mar 24, 2026
Geolocation: EE
Country: Estonia
Location: Tallinn, Harjumaa
ASN: AS3920
Org: ESTOXY OU
Coords: 17.2528, -88.7465

VirusTotal

Not checked

WHOIS

description
2025-07-05T22:40:58.492Z Honeypot : ConPot : Source: 185.53.90.97 : Port: 10001 Data Type: guardian_ast Event Type: NEW_CONNECTION
raw
Socket not responding: [Errno 111] Connection refused
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 6 threat reports