IOC Radar
IP · Medium · Signal 84/100

217.129.89.118

Location: Portugal (Seia, Guarda)
ASN: AS13156 (Nowo Communications, S.A.)
First Seen: Oct 6, 2024 (617d ago)
Last Seen: Jan 26, 2026 (140d ago)
Reports: 11 source reports
Confidence: 84% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 84%
Signal Score: 84 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

25 techniques

Network Information

Country: PT (Portugal)
Region: Seia, Guarda
ASN: AS13156
Organization: Nowo Communications, S.A.

Feed Intelligence Summary

Source reports: 11
Confidence score: 84%
Category tags:
abuse, access control, active scanning, attack, botnet, brute force, brute force attack, command and control, communication protocol, cowrie honeypot, credential access, credential stuffing, data exfiltration, ddos attacks, decoy system, distributed attacks, europe, indicator, initial access, internet of things, intrusion detection, iot botnet, iot/ics attack, login, malicious activity, malicious software, malware, mirai botnet, network, network attacks, network intrusion, network reconnaissance, network scanning, network security, north america, password attacks, process injection, protocol exploitation, reconnaissance, remote access, researched, scan, scanner, security policy, sftp attack, socradar honeypot, ssh attack, ssh monitoring, t1021, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.001, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp/23, telnet threat, threat actor, threat intelligence, threat prevention, united states

Activity Timeline

1 total obs (Jan 26)

Threat Activity Heatmap

Peak: 2026-01-26
[Heatmap: activity by weekday and month, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 11
First seen: Oct 6, 2024
Last seen: Jan 26, 2026
Geolocation: PT
Country: Portugal
Location: Seia, Guarda
ASN: AS13156
Org: Nowo Communications, S.A.
Coords: 40.3816, -7.9284

VirusTotal

Not checked

WHOIS

Description: Logged 1 visit on 1 honeypot. Duration: 31.84s, did not supply credentials

Raw:
inetnum: 217.129.88.0 - 217.129.91.255
netname: NOWO
descr: NOWO COMMUNICATIONS, S.A.
descr: Internet Service Provider
descr: Seia Residential Customers
country: PT
admin-c: CNT4-RIPE
tech-c: CNT4-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
remarks: IMPORTANT: To report intrusion attempts, hacking,
remarks: IMPORTANT: spamming, or other unaccepted behavior
remarks: IMPORTANT: by a NOWO customer, please
remarks: IMPORTANT: send a message to [email protected]
mnt-by: AS13156-MNT
created: 2004-04-28T12:45:21Z
last-modified: 2018-02-09T15:49:35Z
source: RIPE

role: NOWO Network Team
address: NOWO COMMUNICATIONS, S.A.
address: Lugar de pocos
address: Palmela
address: Portugal
phone: +351 21 080 10 80
fax-no: +351 21 080 10 01
abuse-mailbox: [email protected]
admin-c: BG7193-RIPE
admin-c: LP1252-RIPE
admin-c: JR2638-RIPE
tech-c: LP1252-RIPE
tech-c: BG7193-RIPE
tech-c: JR2638-RIPE
nic-hdl: CNT4-RIPE
mnt-by: AS13156-MNT
created: 2003-12-12T22:40:41Z
last-modified: 2025-04-14T09:56:54Z
source: RIPE # Filtered

route: 217.129.88.0/22
descr: NOWO COMMUNICATIONS, S.A.
descr: Internet Service Provider
descr: Seia Residential Customers Net
origin: AS13156
mnt-by: AS13156-MNT
remarks: IMPORTANT: To report intrusion attempts, hacking,
remarks: IMPORTANT: spamming, or other unaccepted behavior
remarks: IMPORTANT: by a NOWO customer, please
remarks: IMPORTANT: send a message to [email protected]
created: 2005-06-29T12:22:41Z
last-modified: 2018-02-09T17:33:05Z
source: RIPE

References:
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 11 threat reports