IOC Radar
IP · Medium · Signal 61/100

109.105.210.89

Location: Belgium; Dallas, Texas
ASN: AS21859 (NSEC - Sistemas Informaticos, S.A)
First Seen: Sep 18, 2025 (266d ago)
Last Seen: Jun 11, 2026 (today)
Reports: 16 source reports
Confidence: 61% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

59 techniques

Network Information

Country: BE (Belgium)
Region: Dallas, Texas
ASN: AS21859
Organization: NSEC - Sistemas Informaticos, S.A

Feed Intelligence Summary

Source reports: 16
Confidence score: 61%

Activity Timeline

1 total obs (Jun 11 to Jun 11)

Threat Activity Heatmap

[Heatmap: daily activity, Jun through Jun]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 16
First seen: Sep 18, 2025
Last seen: Jun 11, 2026
Geolocation: BE
Country: Belgium
Location: Dallas, Texas
ASN: AS21859
Org: NSEC - Sistemas Informaticos, S.A
Coords: 32.7767, -96.7970

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:

inetnum: 109.105.210.0 - 109.105.210.255
netname: ICG-ZEN-DFW
descr: ICG-ZEN-DFW
country: EU
org: ORG-NSIS5-RIPE
admin-c: AR59913-RIPE
tech-c: AR59913-RIPE
abuse-c: AR59913-RIPE
status: ASSIGNED PA
mnt-by: MNT-BST
created: 2025-07-15T18:21:51Z
last-modified: 2025-09-16T15:11:35Z
source: RIPE
remarks: https://internet-census.org
remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed

organisation: ORG-NSIS5-RIPE
org-name: NSEC - Sistemas Informaticos, S.A.
country: PT
org-type: LIR
address: 111 Huntington Ave Suite 2010
address: MA 02199
address: Boston
address: UNITED STATES
phone: +351217252110
admin-c: DOT14-RIPE
tech-c: DOT14-RIPE
abuse-c: AR59913-RIPE
mnt-ref: MNT-BST
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-BST
created: 2020-02-21T08:44:11Z
last-modified: 2021-05-12T21:00:19Z
source: RIPE # Filtered

role: Abuse-C Role
address: Operations for Internet Census Group
address: https://internet-census.org
nic-hdl: AR59913-RIPE
abuse-mailbox: [email protected]
mnt-by: MNT-BST
created: 2020-02-21T08:44:10Z
last-modified: 2021-03-12T21:58:21Z
source: RIPE # Filtered

route: 109.105.210.0/24
origin: AS21859
mnt-by: MNT-BST
created: 2025-08-07T21:23:18Z
last-modified: 2025-08-07T21:23:18Z
source: RIPE

IOC Journey

medium
First detected 8 months ago · Last seen today
Appeared in 16 threat reports