IOC Radar
IP · Medium · Signal 62/100

201.159.91.2

Location: Cassilândia, Goias, Brazil
ASN: AS264927 (Abenet Provedora de Acesso a Internet LTDA)
First Seen: Jan 13, 2025 (515d ago)
Last Seen: May 31, 2026 (12d ago)
Reports: 16 source reports
Confidence: 62% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

44 techniques

Network Information

Country: BR (Brazil)
Region: Cassilândia, Goias
ASN: AS264927
Organization: Abenet Provedora de Acesso a Internet LTDA

Feed Intelligence Summary

Source reports: 16
Confidence score: 62%
Category tags

Activity Timeline

1 total observation, May 31

Threat Activity Heatmap

[Heatmap: daily activity calendar, Jun through Jun; peak 2026-05-31]

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 16
First seen: Jan 13, 2025
Last seen: May 31, 2026
Geolocation: BR
Country: Brazil
Location: Cassilândia, Goias
ASN: AS264927
Org: Abenet Provedora de Acesso a Internet LTDA
Coords: -18.9653, -51.9264

VirusTotal

Not checked

WHOIS

description: Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw: Socket not responding: [Errno 111] Connection refused

IOC Journey

medium
First detected 1 year ago · Last seen 12 days ago
Appeared in 16 threat reports