IP · Medium · Signal 43/100
196.251.85.166
Location: Amsterdam, LA
First Seen: Mar 12, 2025
Last Seen: Apr 21, 2026
Found in 13 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 43%
Signal Score: 43 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: Seychelles
Region: Amsterdam, LA
Organization: 4445 Corporation
Feed Intelligence Summary
Source reports: 13
Confidence score: 43%
Category tags
abuse, active scan, active scanning, adb exploit attempts, adbhoney activity, adbhoney honeypot, adbhoney related activity, africa, attack, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempts, cisco device, command and control, command execution, communication protocol, compromised credentials, conpot activity, conpot honeypot, conpot ics attacks, cowrie activity, cowrie attack, cowrie honeypot, cowrie ssh attacks, cowrie ssh logs, credential access, credential stuffing, data, data exfiltration, data store exposure, database access attempt, database attack, database probe, database security, decoy system, device management, dionaea activity, dionaea attack, dionaea honeypot, dionaea malware collection, distributed attacks, elasticpot activity, elasticpot exploitation, elasticpot honeypot, elasticsearch monitoring, enterprise networking, europe, exploit attempt, exploit kit activity, exploitation, exploitation activity, exploitation of vulnerability, exploited host, ftp brute force, hacking, heralding activity, heralding probing, heralding scan activity, honeytrap activity, honeytrap honeypot, http access attempt, ics attack, ics security, identity & access exploitation, indicator, industrial control systems, initial access, injection activity, iot security, iot/ics attack, ipphoney activity, ipphoney honeypot, ipv4, lamp, lamp activity, lamp attack, lamp exploitation attempts, lcia honeynet, malicious activity, malicious software, malware, malware behaviour, malware capture, malware distribution, netherlands, network, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network scanning, network security, network service scanning, nigeria, nl, password attacks, potential intrusion, process injection, reconnaissance, redis brute force, redis exploit attempt, redis honeypot, remote access attempt, researched, resource hijacking, role, sc, scanner, scripting attacks, sentrypeer attack, sentrypeer botnet, sentrypeer exploit, server exploitation, service enumeration, service exploitation, service scan, seychelles, sftp access attempt, sftp activity, sftp attack, sftp attacks, sftp attempts, sftp protocol abuse, sip brute force, sip scanning, ssh attack, ssh monitoring, t1005, t1021, t1021.002, t1021.004, t1033, t1040, t1041, t1046, t1053, t1055, t1057, t1059, t1059.004, t1059.005, t1059.007, t1068, t1069, t1071.001, t1078, t1078.004, t1083, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1210, t1486, t1496, t1498, t1499.001, t1499.002, t1499.003, t1505.004, t1565, t1566, t1569, t1589, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, targeting database, telecommunications, threat actor, threat detection, threat intelligence, tor node, unauthorized access attempt, unauthorized access attempts, voip, voip attack, vulnerability scan, web application scan, web application scanning, web attack, web exploitation
Activity Timeline: Apr 21 (single observed date)
Threat Activity Heatmap: peak on 2026-04-21
Activity counts: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address, signals a significant and persistent threat to organizational assets, warranting immediate attention. Its identification across numerous reputable threat intelligence feeds, combined with a high criticality score of 42.76, indicates a strong likelihood of engagement in malicious activities. If left unaddressed, this IP address could be involved in various attack stages, including initial access, command and control, data exfiltration, or even …
Threat Score: Medium Risk
Signal Score: 43
Confidence: 43%
Reports: 13
First seen: Mar 12, 2025
Last seen: Apr 21, 2026
Geolocation: SC
Country: Seychelles
Location: Amsterdam, LA
Org: 4445 Corporation
Coords: 6.4474, 3.3903
VirusTotal: Not checked
WHOIS
- description
  2025-06-30T23:54:04.072Z Honeypot : Adbhoney : EventID/src_ip/src_url: adbhoney.session.closed 196.251.85.166
- raw
  inetnum: 196.15.64.0 - 198.7.95.255
  netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  descr: IPv4 address block not managed by the RIPE NCC
  remarks: ------------------------------------------------------
  remarks:
  remarks: For registration information,
  remarks: you can consult the following sources:
  remarks:
  remarks: IANA
  remarks: http://www.iana.org/assignments/ipv4-address-space
  remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  remarks:
  remarks: AFRINIC (Africa)
  remarks: http://www.afrinic.net/ whois.afrinic.net
  remarks:
  remarks: APNIC (Asia Pacific)
  remarks: http://www.apnic.net/ whois.apnic.net
  remarks:
  remarks: ARIN (Northern America)
  remarks: http://www.arin.net/ whois.arin.net
  remarks:
  remarks: LACNIC (Latin America and the Carribean)
  remarks: http://www.lacnic.net/ whois.lacnic.net
  remarks:
  remarks: ------------------------------------------------------
  country: EU # Country is really world wide
  admin-c: IANA1-RIPE
  tech-c: IANA1-RIPE
  status: ALLOCATED UNSPECIFIED
  mnt-by: RIPE-NCC-HM-MNT
  created: 2019-05-09T14:41:28Z
  last-modified: 2019-05-09T14:41:28Z
  source: RIPE

  role: Internet Assigned Numbers Authority
  address: see http://www.iana.org.
  admin-c: IANA1-RIPE
  tech-c: IANA1-RIPE
  nic-hdl: IANA1-RIPE
  remarks: For more information on IANA services
  remarks: go to IANA web site at http://www.iana.org.
  mnt-by: RIPE-NCC-MNT
  created: 1970-01-01T00:00:00Z
  last-modified: 2001-09-22T09:31:27Z
  source: RIPE # Filtered
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 13 threat reports