IPMediumSignal 50/100

`201.211.9.114`

Location

Venezuela, Bolivarian Republic of

Caracas, Distrito Federal

ASN

AS8048

CANTV Servicios, Venezuela

First Seen

Jun 21, 2025

Last Seen

Mar 28, 2026

Jun 21

First Seen

357d ago

Mar 28

Last Seen

76d ago

Reports

source reports

50%

Confidence

medium

1/91

VirusTotal

detections

Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

50%

Signal Score

50 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

39 techniques

Network Information

Country

Venezuela, Bolivarian Republic of

RegionCaracas, Distrito Federal

ASNAS8048

OrganizationCANTV Servicios, Venezuela

Feed Intelligence Summary

12 reports50% confidence

Source reports

50%

Confidence score

Category tags

abuseactive scanactive scanningattackbad reputationblacklisted ipbotnetbotnet activitybrute forcebrute force attackcommand and controlcompromised credentials attemptcompromised hostcowrie honeypotcredential accesscredential stuffingdata exfiltrationdata exfiltration attemptdata store exposureddosddos attacksdecoy systemdictionary attackdionaea honeypotdistributed attacksenumerationexploitationexploitation activityfailed login attemptsftp brute forcehoneytrap honeypotidentity & access exploitationindicatorinjection activityinternet of thingsintrusion detectioniot botnetiot securityiot/ics attacklamplamp exploit attemptslamp exploitation attemptlateral movementmalicious activitymalicious payload attemptmalicious softwaremalwaremalware behaviourmalware capturemalware communicationmirai botnetnetworknetwork intrusion attemptnetwork scanningnetwork securitynetwork service scanningpassword attackspassword sprayingpotential malware distributionpotential malware uploadprocess injectionransomwarereconnaissanceremote accessresearchedscannerscanning activityservice scansftp activitysftp attackshellsocradar honeypotsouth americassh attackssh monitoringt1003t1021t1021.001t1021.002t1021.004t1040t1041t1047t1055t1059t1059.004t1059.005t1059.007t1071t1071.001t1071.004t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1190t1199t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1595t1595.001t1595.002t1595.003threat actorthreat detectionthreat intelligencetor nodetraffic anomalyunauthorized access attemptvenezuela, bolivarian republic ofvulnerability scan

Activity Timeline

1 total obs

Mar 28Mar 28

Threat Activity Heatmap

· Peak: 2026-03-28

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

50%

Confidence

Reports

First seenJun 21, 2025

Last seenMar 28, 2026

GeolocationVE

CountryVenezuela, Bolivarian Republic of

LocationCaracas, Distrito Federal

ASNAS8048

OrgCANTV Servicios, Venezuela

Coords10.4880, -66.8792

VirusTotal

1/ 91vendors flagged

1% detection rateJun 8, 2026

WHOIS

description: dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw: Socket not responding: [Errno 111] Connection refused
references: https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

`201.211.9.114`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy