IOC Radar
IP · Medium · Signal 100/100

71.86.7.20

Location: St Louis, Missouri, United States
ASN: AS20115 (Spectrum)
First Seen: Oct 10, 2024 (615d ago)
Last Seen: Feb 27, 2026 (109d ago)
Reports: 18 source reports
Confidence: 99% (medium)
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

50 techniques

Network Information

Country: US (United States)
Region: St Louis, Missouri
ASN: AS20115
Organization: Spectrum

Feed Intelligence Summary

Source reports: 18
Confidence score: 99%

Activity Timeline

1 total observation (Feb 27)

Threat Activity Heatmap

Peak: 2026-02-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Geolocation: US
Coords: 38.7142, -90.2759

VirusTotal

Not checked

WHOIS

Raw:
Charter Communications LLC NETBLK-CHARTER-NET (NET-71-80-0-0-1) 71.80.0.0 - 71.95.255.255
Charter Communications LLC FRM-MO-71-86-0 (NET-71-86-0-0-1) 71.86.0.0 - 71.86.15.255

References:
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/Gi7w0rm/Blogposts/main/7777Botnet/BotnetIPs/ips_xlogin_22_07_2024.txt

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 18 threat reports