IOC Radar
IP · Medium · Signal 41/100

192.95.20.52

Location: Montreal, QC, Canada
ASN: AS16276 (OVH Hosting, Inc.)
First Seen: Sep 22, 2024
Last Seen: Jun 7, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 41%
Signal Score: 41 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 62 techniques

Network Information

Country: CA (Canada)
Region: Montreal, QC
ASN: AS16276
Organization: OVH Hosting, Inc.

Feed Intelligence Summary

Source reports: 9
Confidence score: 41%
Category tags

Activity Timeline

1 total obs (Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Coords: 45.5063, -73.5794

VirusTotal

Not checked

WHOIS

description
2025-04-14T14:49:03.388Z Honeypot : Sentrypeer : Source: 192.95.20.52 Port: 5060 Data: REGISTER sip:99.18.26.21 SIP/2.0 Via: SIP/2.0/UDP 192.95.20.52:49648;branch=z9hG4bK858504625 From: <sip:[email protected]>;tag=1303449037 To: <sip:[email protected]> Call-ID: 1031964097-2085200204-1899363464 CSeq: 1 REGISTER Contact: <sip:[email protected]:49648> Max-forwards: 70 User-agent: PolycomSoundPointIP-SPIP_450-UA/3.3.4.0085 Content-Length: 0
raw
OVH Hosting, Inc. OVH-ARIN-5 (NET-192-95-0-0-1) 192.95.0.0 - 192.95.63.255
OVH Hosting, Inc. OVH-DEDICATED-6 (NET-192-95-20-0-1) 192.95.20.0 - 192.95.20.255
references
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 9 threat reports