IOC Radar
IP · Medium · Signal 81/100

196.189.124.195

Location
Ethiopia
Addis Ababa, Addis Ababa
ASN
AS24757
Ethio Telecom
First Seen
Dec 29, 2022
Last Seen
Jun 7, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

45 techniques

Network Information

Country: Ethiopia (ET)
Region: Addis Ababa, Addis Ababa
ASN: AS24757
Organization: Ethio Telecom

Feed Intelligence Summary

30 reports · 81% confidence

Activity Timeline

1 total observation · Jun 7

Threat Activity Heatmap

Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 30
First seen: Dec 29, 2022
Last seen: Jun 7, 2026
Geolocation: ET
Country: Ethiopia
Location: Addis Ababa, Addis Ababa
ASN: AS24757
Org: Ethio Telecom
Coords: 9.0192, 38.7525

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force SSH on Vultr Tokyo (Japan) honeypot


IOC Journey

medium
First detected 3 years ago · Last seen 7 days ago
Appeared in 30 threat reports