IOC Radar
IP · Medium · Signal 70/100

220.247.224.226

Location: Meegoda, Western, Sri Lanka
ASN: AS9329 (Sri Lanka Telecom Ltd)
First Seen: Feb 20, 2024 (841d ago)
Last Seen: Jun 8, 2026 (3d ago)
Reports: 29 source reports
Confidence: 70% (medium)
VirusTotal: 10/91 detections
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

78 techniques

Network Information

Country: LK (Sri Lanka)
Region: Meegoda, Western
ASN: AS9329
Organization: Sri Lanka Telecom Ltd

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 29
Confidence score: 70%
Category tags

Activity Timeline

1 total observation, Jun 8

Threat Activity Heatmap

[Heatmap: weekday rows (Mon, Wed, Fri) by month, Jun through Jun; scale Less to More]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 70
Confidence: 70%
Reports: 29
First seen: Feb 20, 2024
Last seen: Jun 8, 2026
Geolocation: LK
Country: Sri Lanka
Location: Meegoda, Western
ASN: AS9329
Org: Sri Lanka Telecom Ltd
Coords: 6.9344, 79.8461
Proxy: VPN

VirusTotal

10/91 vendors flagged
11% detection rate · Jun 8, 2026

WHOIS

description
IPv4 hosts detected port scanning Vultr Paris (France) honeypot
raw
inetnum: 220.247.224.0 - 220.247.224.255
netname: SLTIDC-SLT-LK
descr: INTERNET DATA CENTER - SRI LANKA TELECOM
descr: DATA CENTER
descr: COLOMBO
country: LK
admin-c: AE70-AP
tech-c: AE70-AP
abuse-c: AL1644-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MNT-SLT-LK
mnt-irt: IRT-LKTELECOM-LK
last-modified: 2021-01-12T03:04:01Z
source: APNIC

irt: IRT-LKTELECOM-LK
address: Internet Division
address: 7th floor
address: OTS Building
address: Sri Lanka Telecom
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: AE70-AP
tech-c: AE70-AP
auth: # Filtered
remarks: [email protected] is invalid
mnt-by: MAINT-LK-ASE
last-modified: 2026-05-20T13:10:06Z
source: APNIC

role: ABUSE LKTELECOMLK
country: ZZ
address: Internet Division
address: 7th floor
address: OTS Building
address: Sri Lanka Telecom
phone: +000000000
e-mail: [email protected]
admin-c: AE70-AP
tech-c: AE70-AP
nic-hdl: AL1644-AP
remarks: Generated from irt object IRT-LKTELECOM-LK
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2026-05-20T13:10:48Z
source: APNIC

person: Asela Eranda
nic-hdl: AE70-AP
e-mail: [email protected]
address: Internet Division
address: 7th floor
address: OTS Building
address: Sri Lanka Telecom
address: Lotus Road
address: Colombo-1
phone: +94-11-2021913
fax-no: +94-11-2322622
country: LK
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-
remarks: Please send all IP abuse complaints to [email protected]
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-
mnt-by: MAINT-LK-ASE
last-modified: 2009-09-25T07:36:05Z
source: APNIC

route: 220.247.224.0/24
origin: AS9329
descr: Sri Lanka Telecom Ltd Lotus Road OTS Building. 7 / F ISP Opeartions Section
mnt-by: MNT-SLT-LK
last-modified: 2019-10-17T07:53:44Z
source: APNIC


IOC Journey

medium
First detected 2 years ago · Last seen 3 days ago
Appeared in 29 threat reports