IP · Medium · Signal 47/100
196.188.63.40
Location
Addis Ababa, Addis Ababa
ASN
AS24757
Bras Dhcp BL 10800e
First Seen
Mar 24, 2025
Last Seen
Apr 1, 2026
Reports
20 source reports
Confidence
47% (medium)
VirusTotal
1/91 detections
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Network Information
Country
Ethiopia
Region
Addis Ababa, Addis Ababa
ASN
AS24757
Organization
Bras Dhcp BL 10800e
Feed Intelligence Summary
Category tags
abuse, access control, active scan, active scanning, application layer protocol, attack, authentication abuse, automated attack, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attempt, c2 communication, c2 server, command & control, command and control, communication protocol, compromised host, compromised hosts, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, data theft, ddos, ddos attacks, decoy system, denial of service, dionaea honeypot, distributed attacks, ethiopia, europe, exploitation activity, exploited host, failed login attempts, ftp brute force, hacking, honeytrap honeypot, http brute force, identity & access exploitation, indicator, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, lamp, login attack, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, malware distribution, mirai botnet, network, network attacks, network intrusion, network probing, network scanning, network security, network service scanning, network traffic analysis, north america, password attacks, process injection, protocol exploitation, reconnaissance, remote access, researched, scan, scanner, scanning activity, security operations, security policy, service scan, sftp attack, smtp brute force, spam, ssh attack, ssh monitoring, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1056.001, t1059, t1059.001, t1071, t1071.001, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1573, t1573.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp/23, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, udp port scan, united kingdom, united states, vulnerability scan, web application attack, web exploitation, web scanner
Activity Timeline
Apr 1
Threat Activity Heatmap
Peak: 2026-04-01
24h
0 (Dormant)
7d
0 (Dormant)
30d
0 (Dormant)
3mo
1 (Minimal)
Threat Score
47 (Medium Risk)
Geolocation
ET
Coords
7.9959, 38.0003
WHOIS
- description
- Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
- raw
- inetnum: 196.188.32.0 - 196.188.63.255
  netname: To__BRAS_DHCP_BL-10800E
  descr: To__BRAS_DHCP_BL-10800E
  country: ET
  admin-c: ET4-AFRINIC
  tech-c: ETID1-AFRINIC
  status: ASSIGNED PA
  mnt-by: ETC-MNT
  source: AFRINIC # Filtered
  parent: 196.188.0.0 - 196.191.255.255
  person: Ethio Telecom
  nic-hdl: ET4-AFRINIC
  address: Churchill Road
  address: Addis Ababa 1047
  address: Ethiopia
  phone: tel:+251-93-001-1682
  phone: tel:+251-91-110-7398
  phone: tel:+251-91-124-3521
  phone: tel:+251-91-121-7654
  phone: tel:+251-11-531-7220
  phone: tel:+251-91-151-0433
  mnt-by: GENERATED-GRXPERJUPKL2DTQEXFFNEHRZHJZDFRJ7-MNT
  source: AFRINIC # Filtered
  person: Ethio Telecom IS Division
  address: Ethio telecom
  address: Legehar Information System division
  address: Addis Ababa, Ethiopia
  address: Addis Ababa
  address: Ethiopia
  phone: tel:+251-91-125-6562
  fax-no: tel:+251-11-552-3296
  nic-hdl: ETID1-AFRINIC
  mnt-by: GENERATED-ZPSFE1E8AGHQZZFKT4YYQSIX58FJ1MZ4-MNT
  source: AFRINIC # Filtered
  route: 196.188.48.0/20
  origin: AS24757
  descr: Ethiotelecom
  mnt-by: ETC-MNT
  source: AFRINIC # Filtered
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 20 threat reports