IOC Radar
IP · Medium · Signal 82/100

93.152.208.26

Location
South Africa
Johannesburg, Gauteng
ASN
AS211486
Alferov Aleksey Aleksandrovich
First Seen
May 12, 2026 (47d ago)
Last Seen
Jun 17, 2026 (11d ago)
Reports
16 source reports
Confidence
82% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
82%
Signal Score
82 / 100
IDS Rule
No
Threat Context
Tags

Network Information

Country
ZA (South Africa)
Region
Johannesburg, Gauteng
ASN
AS211486
Organization
Alferov Aleksey Aleksandrovich

IP Category

Proxy
Proxy server

Feed Intelligence Summary

16 source reports · 82% confidence score
Category tags
abuse, active scan, africa, alienvault_ransomware, bad reputation, bad web bot, bg, blocklist_all, botnet activity, brute force, brute force attacker, brute-force, bruteforce, bulgaria, cowrie, ddos, ddos attack, digital ocean, dionaea, downldr, europe, exploitation activity, exploited host, fatt, ftp brute-force, hacking, iot security, iot targeted, meshnetwork, open proxy, p0f, portscan, proxy, ransomware, research, researched, scanner, scanners, sensor-tagged, service scan, socradar honeypot, south africa, ssh, ssh attack, ssh-brute, tanner, threat actor, tpot, vultr, wanna, wannacry, web app attack, za

Activity Timeline

1 total obs
Jun 17 - Jun 17

Threat Activity Heatmap

Peak: 2026-06-17
[Heatmap: activity by weekday across the months Jun through Jun; legend runs from Less to More]
24h
0 (Dormant)
7d
0 (Dormant)
30d
1 (Minimal)
3mo
1 (Minimal)
Threat Score
High Risk
Signal Score
82
Confidence
82%
Reports
16
First seen
May 12, 2026
Last seen
Jun 17, 2026
Geolocation
ZA
Country
South Africa
Location
Johannesburg, Gauteng
ASN
AS211486
Org
Alferov Aleksey Aleksandrovich
Coords
-26.2056, 28.0337
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=BG; ports=8091,9446 Location=Sydney, Australia.
raw
inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-AFRINIC
admin-c: IANA1-AFRINIC
tech-c: IANA1-AFRINIC
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: AFRINIC-HM-MNT
mnt-lower: AFRINIC-HM-MNT
source: AFRINIC # Filtered
parent: 0.0.0.0 - 255.255.255.255

organisation: ORG-IANA1-AFRINIC
org-name: Internet Assigned Numbers Authority
org-type: IANA
country: EU # Country is really worldwide
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
admin-c: IANA1-AFRINIC
tech-c: IANA1-AFRINIC
mnt-ref: AFRINIC-HM-MNT
mnt-by: AFRINIC-HM-MNT
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: TEAM-AFRINIC
tech-c: TEAM-AFRINIC
nic-hdl: IANA1-AFRINIC
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: AFRINIC-DB-MNT
source: AFRINIC # Filtered

IOC Journey

medium
First detected 1 month ago · Last seen 11 days ago
Appeared in 16 threat reports
1 user flagged this