IP · Medium · Signal 59/100
196.251.73.14
Location: Victoria, La Rivière Anglaise
First Seen: May 15, 2025 (394d ago)
Last Seen: Apr 6, 2026 (69d ago)
Reports: 13 (source reports)
Confidence: 59% (medium)
VirusTotal: 5/91 detections
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: Seychelles
Region: Victoria, La Rivière Anglaise
Organization: 4445 Corporation
Feed Intelligence Summary
Source reports: 13
Confidence score: 59%
Category tags:
abuse, access control, active scan, active scanning, amadey, arm, ascii, asyncrat, attack, backdoor, bad reputation, base64-loader, bert, botnet, botnet activity, botnetdomain, brute force, brute force attack, brute force attempt, censys, cnc, cobaltstrike, coinminer, command and control, command execution, communication protocol, credential access, credential stuffing, cryptocurrency, data encryption, data exfiltration, data store exposure, dbatloader, ddos, ddos attacks, decoy system, denial of service, distributed attacks, dll, donut, dropped-by-amadey, elf, encoded, encryption, exe, executable file, exploit attempts, exploitation activity, exploited host, extortion, ftp brute force, gafgyt, guloader, hacking, hajime, havoc, hta, http brute force, identity & access exploitation, indicator, infostealer, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, jpg-base64-loader, kraktenrat, lateral movement, lazagne, lumma, lummastealer, malicious activity, malicious powershell activity, malicious software, malware, malware propagation, malware scanning, masslogger, metasploit, meterpreter, mips, mirai botnet, moobot, mozi, netherlands, network, network attacks, network probing, network scanning, network security, network service scanning, njrat, opendir, password attacks, polcert, process injection, protocol exploitation, ps1, purelogstealer, quasarrat, ransomware, rat, reconnaissance, redlinestealer, remcosrat, remote access, remote services, researched, rev-base64-loader, saint helena, ascension and tristan da cunha, scan, scanner, script, scripting attacks, security policy, service scan, seychelles, smtp brute force, snakekeylogger, sql injection attempts, ssh attack, sshdkit, stealc, system disruption, t1021, t1021.001, t1021.002, t1027, t1040, t1046, t1053.005, t1055, t1059, t1059.001, t1059.003, t1059.005, t1071, t1071.001, t1071.004, t1076, t1078, t1086, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1199, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1588, t1595, t1595.001, t1595.002, t1595.003, t1598, targeting database, tcp protocol, telnet threat, threat actor, threat intelligence, threat prevention, tor node, ua-wget, valleyrat, vipkeylogger, wsgidav, xenorat, xloader, xmrig
Activity Timeline: Apr 6
Threat Activity Heatmap · Peak: 2026-04-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address, is critically significant due to its strong association with sophisticated malicious activities, including the Mirai botnet and the "bert" (Water Pombero) ransomware group. A high threat score of 58.69, coupled with its presence across multiple reputable threat intelligence feeds, indicates a severe and imminent risk. If this IOC is found within the organizational environment, it suggests an active compromise or an ongoing attack targeting cri…
Threat Score: Medium Risk
Signal: 59
Signal Score: 59%
Confidence: 13 Reports
First seen: May 15, 2025
Last seen: Apr 6, 2026
Geolocation: SC
Country: Seychelles
Location: Victoria, La Rivière Anglaise
Org: 4445 Corporation
Coords: -4.6211, 55.4522
WHOIS (raw)

inetnum: 196.251.73.0 - 196.251.73.255
netname: internet-secuirty-cheapyhost
descr: internet-security-cheapyhost
country: SC
admin-c: SOV14-AFRINIC
tech-c: CHY12-AFRINIC
status: ASSIGNED PA
remarks: https://geofeed.african.lat/ipv4.csv
mnt-by: SIL3-MNT
source: AFRINIC # Filtered
parent: 196.251.64.0 - 196.251.127.255

role: External Abuse Team cheapy.host
address: 4445 Corporation Ln. STE 264
phone: tel:+1-434-202-3662
abuse-mailbox: [email protected]
nic-hdl: CHY12-AFRINIC
admin-c: QS12-AFRINIC
tech-c: QS12-AFRINIC
mnt-by: SIL3-MNT
source: AFRINIC # Filtered

person: Lucas Cunha Oliveira
address: 4445 Corporation Ln. STE 264 Virginia Beach, VA 23462 USA
phone: tel:+1-938-204-9112
abuse-mailbox: [email protected]
nic-hdl: SOV14-AFRINIC
source: AFRINIC # Filtered
mnt-by: GENERATED-X8GLGVCSKVBKS3ADFG76SMW3PTHVYDJK-MNT

route: 196.251.73.0/24
descr: internet-security-cheapyhost
origin: AS401120
mnt-by: SIL3-MNT
source: AFRINIC # Filtered
IOC Journey
Confidence: medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 13 threat reports