IOC Radar
IP · Medium · Signal 58/100

85.111.68.99

Location: Turkey, Bahçelievler, 34
ASN: AS9121 (TurkTelecom)
First Seen: Feb 11, 2026
Last Seen: Jun 19, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

50 techniques

Network Information

Country: TR (Turkey)
Region: Bahçelievler, 34
ASN: AS9121
Organization: TurkTelecom

Feed Intelligence Summary

Source reports: 23
Confidence score: 58%
Category tags

Activity Timeline

1 total obs (Jun 19 to Jun 19)

Threat Activity Heatmap

Peak: 2026-06-19
[Heatmap: activity by weekday, Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 23
First seen: Feb 11, 2026
Last seen: Jun 19, 2026
Geolocation: TR
Country: Turkey
Location: Bahçelievler, 34
ASN: AS9121
Org: TurkTelecom
Coords: 41.0197, 28.9757

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw:
inetnum: 85.96.0.0 - 85.111.255.255
netname: TR-TELEKOM-20040920
country: TR
org: ORG-TT3-RIPE
admin-c: TTBA1-RIPE
tech-c: TTBA1-RIPE
status: ALLOCATED PA
remarks: To report abuse problems mail [email protected]
mnt-by: RIPE-NCC-HM-MNT
mnt-by: AS9121-MNT
mnt-lower: AS9121-MNT
mnt-domains: AS9121-MNT
mnt-routes: AS9121-MNT
created: 2004-09-20T13:56:30Z
last-modified: 2021-07-04T23:42:03Z
source: RIPE # Filtered

organisation: ORG-TT3-RIPE
org-name: Turk Telekomunikasyon Anonim Sirketi
country: TR
org-type: LIR
address: Turk Telekomunikasyon A.S Turgut Ozal Blv. Aydinlikevler
address: 06103
address: Ankara
address: TURKEY
phone: +903125550000
fax-no: +903123136589
admin-c: NK1283-RIPE
admin-c: GA11360-RIPE
abuse-c: AR12859-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: AS9121-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: AS9121-MNT
created: 2004-04-17T12:08:15Z
last-modified: 2025-12-29T13:55:10Z
source: RIPE # Filtered

role: TT Administrative Contact Role
address: Turk Telekomunikasyon A.S Turgut Ozal Blv. Aydinlikevler
address: 06103 ANKARA TURKEY
phone: +90 312 555 0000
fax-no: +90 312 313 1924
admin-c: BADB3-RIPE
abuse-mailbox: [email protected]
tech-c: BADB3-RIPE
tech-c: BADB3-RIPE
tech-c: BADB3-RIPE
nic-hdl: TTBA1-RIPE
mnt-by: AS9121-MNT
created: 2002-02-28T12:22:28Z
last-modified: 2022-01-28T07:15:56Z
source: RIPE # Filtered

route: 85.111.0.0/17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
created: 2005-03-03T15:51:10Z
last-modified: 2005-03-03T15:51:10Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrparis-telnet-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/vultrparis-telnet-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-30/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-25/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-21/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceanlondon-telnet-bruteforce-ip-list-2026-03-13/


IOC Journey

medium
First detected 4 months ago · Last seen 8 days ago
Appeared in 23 threat reports