IOC Radar
IP · Medium · Signal 68/100

196.251.92.11

Location: Seychelles (Victoria, La Rivière Anglaise)
First Seen: Apr 8, 2025 (445d ago)
Last Seen: May 9, 2026 (49d ago)
Reports: 20 source reports
Confidence: 68% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 68%
Signal Score: 68 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

45 techniques

Network Information

Country: SC, Seychelles
Region: Victoria, La Rivière Anglaise
Organization: internet secuirty Zhongguanchun

Feed Intelligence Summary

20 source reports · 68% confidence score
Category tags
abuse, active scan, active scanning, adbhoney activity, adbhoney exploits, adbhoney honeypot, africa, apt, attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute_force, c2, cisco, cisco attack, cisco device, cisco device targeting, cisco exploit attempts, cisco_exploit, command & control, command and control, communication protocol, cowrie, cowrie activity, cowrie honeypot, cowrie ssh attacks, cowrie_attack, credential access, credential harvesting, credential stuffing, credential_access, data exfiltration, data store exposure, database attack, database enumeration, database security, ddos, ddos attack, decoy system, denial of service, device management, dionaea, dionaea activity, dionaea capture, dionaea honeypot, dionaea malware collection, distributed attacks, email, enterprise networking, europe, exploitation activity, exploited host, finland, france, ftp brute force, ftp brute-force, germany, hacking, heralding activity, heralding behavior, honeynet connect, honeytrap honeypot, http brute force, identity & access exploitation, imap, imap attack, indicator, infostealer, initial_access, injection activity, injection attacks, lamp, lamp attack, lamp exploit attempts, lamp stack targeting, lamp_exploit, lateral movement, login attempt, mailoney honeypot, malicious activity, malicious email activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, netherlands, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network protocol, network scanning, network security, network service scanning, north america, password attack, password attacks, phishing, phishing attack, phishing trap, ping of death, poland, possible malware probing, possible reconnaissance, potential compromise, process injection, protocol exploitation, reconnaissance, redline, remote access, remote services, researched, resource hijacking, scanner, scanning activity, scripting attacks, sentrypeer activity, sentrypeer botnet, sentrypeer detection, service scan, seychelles, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp_attack, sip, sip brute force, sip scanning, sip_attack, smb brute force, smtp, smtp attacker, smtp brute force, smtp scanning, social engineering, south africa, spam, ssh, ssh attack, ssh monitoring, ssh_bruteforce, stealer, t1016, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet scanning, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpotce, udp scan, unauthorized access attempt, unauthorized activity, united states, voip, voip attack, web application attack, web application scanning, web attack, web exploitation, web spam

Activity Timeline

1 total observation (May 9)

Threat Activity Heatmap

Peak: 2026-05-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 68 (Medium Risk)
Geolocation: SC, Seychelles (Victoria, La Rivière Anglaise)
Org: internet secuirty Zhongguanchun
Coords: -26.2308, 28.0585

VirusTotal

Not checked

WHOIS

description
2025-07-05T10:57:46.701Z Honeypot : Tanner : Source: 196.251.92.11 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'sess_uuid': '835a5363-6718-4f09-bd97-9ede086bb0b9', 'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}}}}
raw
inetnum: 196.15.64.0 - 198.7.95.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-05-09T14:41:28Z
last-modified: 2019-05-09T14:41:28Z
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce, https://threatfox.abuse.ch/export/csv/recent/

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 20 threat reports