IOC Radar
IP · Medium · Signal 63/100

109.105.210.85

Location
Belgium
Dallas, Texas
ASN
AS21859
NSEC - Sistemas Informaticos, S.A
First Seen
Sep 18, 2025
Last Seen
Jun 17, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

59 techniques

Network Information

Country: Belgium (BE)
Region: Dallas, Texas
ASN: AS21859
Organization: NSEC - Sistemas Informaticos, S.A

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 19
Confidence score: 63%

Activity Timeline

1 total observation · Jun 17

Threat Activity Heatmap

Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 63 (Medium Risk)
Coords: 32.7767, -96.7970

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw
inetnum: 109.105.210.0 - 109.105.210.255
netname: ICG-ZEN-DFW
descr: ICG-ZEN-DFW
country: EU
org: ORG-NSIS5-RIPE
admin-c: AR59913-RIPE
tech-c: AR59913-RIPE
abuse-c: AR59913-RIPE
status: ASSIGNED PA
mnt-by: MNT-BST
created: 2025-07-15T18:21:51Z
last-modified: 2025-09-16T15:11:35Z
source: RIPE
remarks: https://internet-census.org
remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed

organisation: ORG-NSIS5-RIPE
org-name: NSEC - Sistemas Informaticos, S.A.
country: PT
org-type: LIR
address: 111 Huntington Ave Suite 2010
address: MA 02199
address: Boston
address: UNITED STATES
phone: +351217252110
admin-c: DOT14-RIPE
tech-c: DOT14-RIPE
abuse-c: AR59913-RIPE
mnt-ref: MNT-BST
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-BST
created: 2020-02-21T08:44:11Z
last-modified: 2021-05-12T21:00:19Z
source: RIPE # Filtered

role: Abuse-C Role
address: Operations for Internet Census Group
address: https://internet-census.org
nic-hdl: AR59913-RIPE
abuse-mailbox: [email protected]
mnt-by: MNT-BST
created: 2020-02-21T08:44:10Z
last-modified: 2021-03-12T21:58:21Z
source: RIPE # Filtered

route: 109.105.210.0/24
origin: AS21859
mnt-by: MNT-BST
created: 2025-08-07T21:23:18Z
last-modified: 2025-08-07T21:23:18Z
source: RIPE

IOC Journey

medium
First detected 9 months ago · Last seen 7 days ago
Appeared in 19 threat reports