IPMediumSignal 94/100

`65.20.139.142`

Location

Iraq

Baghdad, Baghdad

ASN

AS203214

Earthlink Telecommunications Equipment Trading & Services DMCC

First Seen

Aug 16, 2021

Last Seen

Feb 6, 2026

Aug 16

First Seen

1758d ago

Feb 6

Last Seen

124d ago

Reports

source reports

94%

Confidence

medium

1/91

VirusTotal

detections

Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

94%

Signal Score

94 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

33 techniques

Network Information

Country

Iraq

RegionBaghdad, Baghdad

ASNAS203214

OrganizationEarthlink Telecommunications Equipment Trading & Services DMCC

Feed Intelligence Summary

9 reports94% confidence

Source reports

94%

Confidence score

Category tags

active scanningadbhoney attacksadbhoney honeypotasiaattackbotnetbrute forcebrute force attackcommand and controlcommunication protocolcompromised credentialscowrie honeypotcowrie interactionscowrie ssh attackscredential accesscredential harvestingcredential stuffingdata exfiltrationdatabase securitydecoy systemdionaea honeypotdionaea interactionsdionaea malware analysisdionaea malware collectiondistributed attackselasticpot honeypotelasticsearch monitoringftp brute forceheralding attack patternindicatoriqiraqlateral movementmailoney email attacksmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork intrusion attemptsnetwork scanningnetwork securitypassword attacksphishingphishing attackphishing trapprocess injectionpython script activityreconnaissanceresearchedresource hijackingsentrypeer botnetsftp attacksocial engineeringssh attackssh monitoringt1021t1021.002t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1195.001t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1583.001t1595t1595.001t1595.002t1595.003tannertanner web attackstelecommunicationsthreat actorthreat intelligencevoipvoip attack

Activity Timeline

1 total obs

Feb 6Feb 6

Threat Activity Heatmap

· Peak: 2026-02-06

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Dormant

Threat ScoreHigh Risk

SIGNAL

Signal Score

94%

Confidence

Reports

First seenAug 16, 2021

Last seenFeb 6, 2026

GeolocationIQ

CountryIraq

LocationBaghdad, Baghdad

ASNAS203214

OrgEarthlink Telecommunications Equipment Trading & Services DMCC

Coords33.3364, 44.4004

VirusTotal

1/ 91vendors flagged

1% detection rateJun 8, 2026

WHOIS

description: 2025-04-20T21:37:14.590Z Honeypot : Heralding : Source: 65.20.139.142 : Username/Password: aDmin3224/12345678 Port: 1080 Message: 2025-04-20 21:37:14.590021,a5cc1c26-9dcf-48f1-8b71-a82f746eddc8,ac6dcb10-52b7-4b97-aa19-02c417999f00,65.20.139.142,48312,99.18.26.18,1080,socks5,aDmin3224,12345678,

`65.20.139.142`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy