IOC Radar
IPHighVerifiedSignal 36/100

191.178.179.227

Location
BrazilBrazil
São Luís, Maranhão
ASN
AS28573
Claro NXT Telecomunicacoes Ltda
First Seen
Apr 16, 2026
Last Seen
Apr 23, 2026
Apr 16
First Seen
58d ago
Apr 23
Last Seen
51d ago
3
Reports
source reports
36%
Confidence
high
Found in 3 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryBRBrazil
RegionSão Luís, Maranhão
ASNAS28573
OrganizationClaro NXT Telecomunicacoes Ltda

Feed Intelligence Summary

3 reports36% confidence
3
Source reports
36%
Confidence score
Category tags
bad reputationbotnet activitybrazilhttpindicatormalicious ipnetworkresearchedrobotsouth americatcp

Activity Timeline

1 total obs
Apr 23Apr 23

Threat Activity Heatmap

· Peak: 2026-04-23
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This report details a critical Indicator of Compromise (IOC), specifically the IPv4 address `191.178.179.227`, which carries a significant threat score of 36.33. This score, combined with its 'No' whitelist status, indicates a strong likelihood of malicious or highly suspicious activity. The presence of this IOC in an organizational environment could signify an active compromise, ranging from initial access and reconnaissance to command-and-control communications or data exfiltration attempts. S…

Threat ScoreLow Risk
36
SIGNAL
Signal Score
36%
Confidence
3
Reports
First seenApr 16, 2026
Last seenApr 23, 2026
Verified IOC
GeolocationBR
CountryBrazil
LocationSão Luís, Maranhão
ASNAS28573
OrgClaro NXT Telecomunicacoes Ltda
Coords-2.5278, -44.3049

VirusTotal

Not checked

WHOIS

description
Hitting the server with good user agent, but no standard accesses. Wrong encode in header. Deceiving robot masked in common browser. Same IP should not appear more than once in 24 hours in this list.
raw
% Copyright (c) Nic.br - Use of this data is governed by the Use and inetnum: 191.176.0.0/14 aut-num: AS28573 abuse-c: GRSVI owner: Claro NXT Telecomunicacoes Ltda ownerid: 66.970.229/0001-67 responsible: Suporte Redes country: BR owner-c: GRSVI tech-c: GRSVI inetrev: 191.176.0.0/14 nserver: ns7.virtua.com.br nsstat: 20260414 AA nslastaa: 20260414 nserver: ns9.virtua.com.br [lame - not published] nsstat: 20260414 FAIL nslastaa: 20180821 nserver: ns8.virtua.com.br nsstat: 20260414 AA nslastaa: 20260414 created: 20131114 changed: 20220615 nic-hdl-br: GRSVI person: Grupo de Seguran�a V�rtua e-mail: [email protected] country: BR created: 20080512 changed: 20230704

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 month ago · Last seen 1 month ago
Appeared in 3 threat reports