IOC Radar
IP · Medium · Signal 100/100

61.95.157.164

Location: India, Hyderabad, DL
ASN: AS9498, Bharti Airtel Limited
First Seen: Dec 11, 2024 (549d ago)
Last Seen: Apr 24, 2026 (51d ago)
Reports: 21 source reports
Confidence: 99% (medium)
VirusTotal: 1/91 detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: IN (India)
Region: Hyderabad, DL
ASN: AS9498
Organization: Bharti Airtel Limited

Feed Intelligence Summary

Source reports: 21
Confidence score: 99%
Category tags
abuse, access attempt, active scan, active scanning, application layer protocol, asia, atif feed, attack, attack origin: gb, australia, authentication abuse, authentication attack, authentication attacks, authentication attempts, auto-generated security, automated attack, automated attacks, bad reputation, banlist feed, binary defense, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attempt, brute-forc, brute_force, bruteforce, c2 communication, c2 server, command & control, command and control, communication protocol, compromise attempt, compromised credentials, compromised credentials attempt, compromised host, compromised hosts, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential_access, cta, data exfiltration, data store exposure, data theft, ddos, ddos botnet, decoy system, denial of service, dionaea honeypot, distributed attacks, enumeration, europe, exploitation, exploitation activity, fail2ban block, fail2ban triggered, failed login attempts, finland, ftp, ftp brute force, game_server, gb-originating traffic, hacking, honeytrap honeypot, http brute force, identity & access exploitation, imap brute force, in, india, indicator, info, information technology, infrastructure acquisitionreconnaissance, initial access, injection activity, intrusion detection, ioc, it infrastructure, lamp, lamp exploitation attempt, login attack, login attempt, login failure, malicious activity, malicious domain, malicious payload attempt, malicious software, malware, malware behaviour, malware capture, malware distribution, manual, network, network attacks, network intrusion, network intrusion attempt, network layer protocol, network probing, network protocol, network reconnaissance, network scanning, network security, network security monitoring, network service scanning, network traffic, network traffic analysis, notice, oceania, password attack, password attacks, password cracking, password spraying, phishing, phishing attack, potential malware upload, process injection, ransomware, rate limiting, reconnaissance, remote access, remote services, researched, resource exhaustion, scan, scanner, scanning activity, security event, security operations, service scan, sftp attack, shell, sip scanning, sipvicious scanning, social engineering, socradar honeypot, software development, spam, spam botnet, ssh, ssh attack, ssh monitoring, ssh scanning, staging_server, t1016, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.004, t1059.005, t1071, t1071.001, t1078, t1078.001, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1573, t1587.001, t1588, t1588.004, t1589, t1589.002, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp scan, telecommunications, threat actor, threat detection, threat intelligence, tor node, tpotce, udp scan, unauthorized access attempt, unauthorized access attempts, unauthorized activity, united kingdom, valid accounts, voip, vulnerability scan, web application attack, web exploitation

Activity Timeline

1 total obs, Apr 24 to Apr 24

Threat Activity Heatmap

Peak: 2026-04-24
[Heatmap: daily activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 21
First seen: Dec 11, 2024
Last seen: Apr 24, 2026
Geolocation: IN
Country: India
Location: Hyderabad, DL
ASN: AS9498
Org: Bharti Airtel Limited
Coords: 28.6328, 77.2204

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 8, 2026

WHOIS

description
Banned by Fail2Ban [sshd]
raw
inetnum: 61.95.128.0 - 61.95.255.255
netname: BHARTI-IN
descr: Bharti Airtel Ltd.
descr: 234, Okhla Industrial Area,
descr: Phase 3 New Delhi 110020
country: IN
org: ORG-BAL1-AP
admin-c: NA40-AP
tech-c: NA40-AP
abuse-c: AB914-AP
status: ALLOCATED PORTABLE
remarks: for 'abuse' & 'spam' email <[email protected]>
remarks: *************************************************************
remarks: This object can only modify by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to [email protected] with your organisation
remarks: account in the subject line.
remarks: *************************************************************
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-BBIL
mnt-routes: MAINT-IN-BBIL
mnt-irt: IRT-BHARTI-TELEMEDIA-IN
last-modified: 2020-05-16T21:36:56Z
source: APNIC

irt: IRT-BHARTI-TELEMEDIA-IN
address: Bharti Airtel Ltd.
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NS282-AP
tech-c: NS282-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-06-01
remarks: [email protected] was validated on 2025-08-03
mnt-by: MAINT-IN-TELEMEDIA
last-modified: 2025-09-04T01:01:41Z
source: APNIC

organisation: ORG-BAL1-AP
org-name: Bharti Airtel Limited
org-type: LIR
country: IN
address: Transport Network Group
address: 234, Okhla Phase III
phone: +911244282398
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:14:45Z
source: APNIC

role: ABUSE BHARTITELEMEDIAIN
country: ZZ
address: Bharti Airtel Ltd.
phone: +000000000
e-mail: [email protected]
admin-c: NS282-AP
tech-c: NS282-AP
nic-hdl: AB914-AP
remarks: Generated from irt object IRT-BHARTI-TELEMEDIA-IN
remarks: [email protected] was validated on 2025-06-01
remarks: [email protected] was validated on 2025-08-03
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-08-03T10:17:17Z
source: APNIC

person: Network Administrator
nic-hdl: NA40-AP
e-mail: [email protected]
address: Bharti Airtel Ltd.
address: ISP Division - Transport Network Group
address: Plot no.16 , Udyog Vihar , Phase -IV , Gurgaon - 122015 , Haryana , INDIA
address: Phase III, New Delhi-110020, INDIA
phone: +91-124-4222222
fax-no: +91-124-4244017
country: IN
mnt-by: MAINT-IN-BBIL
last-modified: 2018-12-18T12:52:19Z
source: APNIC

route: 61.95.157.0/24
descr: BHARTI-IN
descr: Bharti Airtel Limited
descr: Class A ISP in INDIA .
descr: 234 , OKHLA PHASE III ,
descr: NEW DELHI
descr: INDIA
country: IN
origin: AS9498
mnt-by: MAINT-IN-BBIL
last-modified: 2008-09-04T07:55:01Z
source: APNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 21 threat reports