IP · Medium · Signal 75/100
81.192.46.36
Location
Rabat, 04
ASN
AS6713
Office National des Postes et Telecommunications ONPT (Maroc Telecom) / IAM
First Seen
Dec 14, 2024
Last Seen
Jun 4, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Morocco
Region
Rabat, 04
ASN
AS6713
Organization
Office National des Postes et Telecommunications ONPT (Maroc Telecom) / IAM
Feed Intelligence Summary
Source reports: 27
Confidence score: 75%
Category tags
Activity Timeline
Jun 4
Threat Activity Heatmap
Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 27
First seen: Dec 14, 2024
Last seen: Jun 4, 2026
Geolocation: MA
Country: Morocco
Location: Rabat, 04
ASN: AS6713
Org: Office National des Postes et Telecommunications ONPT (Maroc Telecom) / IAM
Coords: 33.9246, -6.9014
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SSH on Vultr Paris (France) honeypot
- raw
  inetnum: 81.192.0.0 - 81.192.255.255
  netname: MA-ONPT-20020730
  descr: Office National des Postes et Telecommunications
  descr: PROVIDER LIR
  country: MA
  org: ORG-ONdP1-AFRINIC
  admin-c: SM13-AFRINIC
  admin-c: KA89-AFRINIC
  tech-c: SM13-AFRINIC
  status: ALLOCATED PA
  mnt-by: AFRINIC-HM-MNT
  mnt-lower: ONPT-MNT
  source: AFRINIC # Filtered
  parent: 0.0.0.0 - 255.255.255.255

  organisation: ORG-ONdP1-AFRINIC
  org-name: Office National des Postes et Telecommunications ONPT (Maroc Telecom) / IAM
  org-type: LIR
  country: MA
  address: Division Exploitation et maintenance des PFS
  address: MAROC TELECOM
  address: Avenue Hay annakhil immeuble Riad 2
  address: Rabat
  address: Morocoo
  phone: tel:+212-5372-84314
  phone: tel:+212-37203022
  admin-c: SM13-AFRINIC
  admin-c: KA89-AFRINIC
  tech-c: SM13-AFRINIC
  mnt-ref: AFRINIC-HM-MNT
  mnt-ref: ONPT-MNT
  mnt-by: AFRINIC-HM-MNT
  remarks: data has been transferred from RIPE Whois Database 20050221
  source: AFRINIC # Filtered

  person: Kaddouhi Abdelaziz
  address: Avenue Annakhil Maroc Telecom Rabat
  address: RABAT
  address: Morocco
  phone: tel:+212-5372-85549
  nic-hdl: KA89-AFRINIC
  source: AFRINIC # Filtered
  mnt-by: GENERATED-P6SZUCS7GAJHPELP6WVSRCFIOV8WGIGB-MNT

  person: Sektaoui Marouane
  nic-hdl: SM13-AFRINIC
  address: Maroc Telecom
  address: Rabat
  address: Morocco
  phone: tel:+212-5376-86318
  remarks: Ingenieur Reseaux
  remarks: Service Exploitation des Plates-formes
  remarks: de Services/Division Exploitation et
  remarks: Maintenance des Plates-formes de
  remarks: Services
  mnt-by: GENERATED-KPHLBILBATGCQACTMADSBE8WVX35UDAG-MNT
  source: AFRINIC # Filtered

  route: 81.192.0.0/16
  descr: route object
  origin: AS36903
  mnt-by: ONPT-MNT
  source: AFRINIC # Filtered

  route: 81.192.0.0/16
  descr: route object
  origin: AS6713
  mnt-by: ONPT-MNT
  source: AFRINIC # Filtered
- references
- https://github.com/telekom-security/tpotce
- https://jamesbrine.com.au/vultrwarsaw-ssh-bruteforce-ip-list-2025-07-23/
- https://jamesbrine.com.au
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://redpiranha.net
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
- https://github.com/tankmek/threatfeed
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- https://blocklist.greensnow.co/greensnow.txt
- https://www.binarydefense.com/banlist.txt
- https://lists.blocklist.de/lists/all.txt
- https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
medium · First detected 1 year ago · Last seen 10 days ago
Appeared in 27 threat reports