IOC Radar
IP · Medium · Signal 85/100

202.131.230.66

Location: Mongolia (Ulan Bator, 1)
ASN: AS9484 (MOBINET-LL)
First Seen: Apr 25, 2024 (779d ago)
Last Seen: Mar 15, 2026 (90d ago)
Reports: 8 source reports
Confidence: 85% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 85%
Signal Score: 85 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

27 techniques

Network Information

Country: MN (Mongolia)
Region: Ulan Bator, 1
ASN: AS9484
Organization: MOBINET-LL

Feed Intelligence Summary

Source reports: 8
Confidence score: 85%
Category tags: active scanning, adbhoney honeypot, antispam, attack, botnet, brute force, command and control, communication protocol, compromised credentials, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, data exfiltration, database security, decoy system, dionaea honeypot, dionaea interactions, dionaea malware analysis, distributed attacks, elasticpot honeypot, elasticsearch monitoring, exploitation attempt, heralding attack pattern, indicator, lateral movement, log4j, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, mn, mongolia, network, network intrusion attempts, network scanning, network security, phishing, phishing attack, phishing trap, process injection, python script activity, reconnaissance, remote access, researched, resource hijacking, sentrypeer botnet, sftp access attempt, sftp attack, social engineering, spam, ssh attack, ssh monitoring, t1021, t1040, t1041, t1046, t1055, t1059, t1071.001, t1078, t1110, t1110.002, t1133, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, threat actor, threat intelligence, voip, voip attack

Activity Timeline

1 total obs · Mar 15

Threat Activity Heatmap

Peak: 2026-03-15
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 85
Confidence: 85%
Reports: 8
First seen: Apr 25, 2024
Last seen: Mar 15, 2026
Geolocation: MN
Country: Mongolia
Location: Ulan Bator, 1
ASN: AS9484
Org: MOBINET-LL
Coords: 47.9173, 106.9177

VirusTotal

Not checked

WHOIS

description
2025-04-24T05:00:12.099Z Honeypot : Heralding : Source: 202.131.230.66 : Username/Password: Admin_KE/fuk19600 Port: 1080 Message: 2025-04-24 05:00:12.099223,c1488cb7-5099-441f-843f-9c3b4323c5c6,78383118-2a1a-474b-b80b-e69fd64081cd,202.131.230.66,57432,99.18.26.19,1080,socks5,Admin_KE,fuk19600,
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 2 years ago · Last seen 3 months ago
Appeared in 8 threat reports