IOC Radar
IP · Medium · Signal 61/100

49.249.76.221

Location: India (Gurugram, Maharashtra)
ASN: AS45820 (Tata Teleservices Limited -GSM Division)
First Seen: Dec 14, 2024 (546d ago)
Last Seen: Jun 11, 2026 (2d ago)
Reports: 29 source reports
Confidence: 61% (medium)
VirusTotal: 4/91 detections
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

51 techniques

Network Information

Country: IN (India)
Region: Gurugram, Maharashtra
ASN: AS45820
Organization: Tata Teleservices Limited -GSM Division

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 29
Confidence score: 61%
Category tags

Activity Timeline

1 total obs (Jun 11 to Jun 11)

Threat Activity Heatmap

[Heatmap: daily activity by weekday, Jun through Jun, shaded from less to more]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 61 (Medium Risk)
Coords: 20.0063, 77.0060
VPN

VirusTotal

4/91 vendors flagged
4% detection rate · Jun 12, 2026

WHOIS

description
Email related brute force IOCs collected mainly from hosts located in Finland
raw
inetnum: 49.249.64.0 - 49.249.127.255
netname: TATA-DOCOMO-IN
descr: Tata Teleservices Limited -GSM Division
descr: D 26/2 TTC INDUSTRIAL AREA MIDC SANPADA
descr: PO TURBHE
descr: NAVI MUMBAI
country: IN
org: ORG-TTLD1-AP
admin-c: TTLN2-AP
tech-c: TTLN2-AP
abuse-c: AT1066-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-TATA-DOCOMO-IN
mnt-routes: MAINT-TATA-DOCOMO-IN
mnt-irt: IRT-TATA-DOCOMO-IN
last-modified: 2020-08-11T13:06:54Z
source: APNIC

irt: IRT-TATA-DOCOMO-IN
address: TATA TELESERVICES, D26, TTC IND AREA,
address: MIDC SANPADA, TURBHE, NAVI MUMBAI
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: TTLN2-AP
tech-c: TTLN2-AP
auth: # Filtered
remarks: [email protected] is invalid
mnt-by: MAINT-TATA-DOCOMO-IN
last-modified: 2025-08-06T13:10:09Z
source: APNIC

organisation: ORG-TTLD1-AP
org-name: Tata Teleservices Limited -GSM Division
org-type: LIR
country: IN
address: D-26, TTC INDUSTRIAL AREA MIDC SANPADA
address: PO TURBHE
address: NAVI MUMBAI
phone: +91-22-66615168
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2024-10-17T12:56:14Z
source: APNIC

role: ABUSE TATADOCOMOIN
country: ZZ
address: TATA TELESERVICES, D26, TTC IND AREA,
address: MIDC SANPADA, TURBHE, NAVI MUMBAI
phone: +000000000
e-mail: [email protected]
admin-c: TTLN2-AP
tech-c: TTLN2-AP
nic-hdl: AT1066-AP
remarks: Generated from irt object IRT-TATA-DOCOMO-IN
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-08-06T13:10:41Z
source: APNIC

role: TATA TELESERVICES LIMITED - Network Administrat
address: D 26/2 TTC INDUSTRIAL AREA MIDC SANPADA PO TURBHE NAVI MUMBAI 400703
country: IN
phone: +91-22-67498428
fax-no: +91 22 674838752
e-mail: [email protected]
admin-c: TTLN2-AP
tech-c: TTLN2-AP
nic-hdl: TTLN2-AP
mnt-by: MAINT-TATA-DOCOMO-IN1
last-modified: 2016-10-21T05:26:36Z
source: APNIC

route: 49.249.76.0/24
origin: AS45820
descr: Tata Teleservices Limited -GSM Division D-26, TTC INDUSTRIAL AREA MIDC SANPADA PO TURBHE NAVI MUMBAI
mnt-by: MAINT-TATA-DOCOMO-IN
last-modified: 2022-08-09T15:03:02Z
source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

medium
First detected 1 year ago · Last seen 2 days ago
Appeared in 29 threat reports