IP · Medium · Signal 59/100
130.12.180.95
Location
Amsterdam, Kentucky
ASN
AS202412
Virtualine Technologies
First Seen
Dec 24, 2025
Last Seen
Jun 3, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Amsterdam, Kentucky
ASN: AS202412
Organization: Virtualine Technologies
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
Source reports: 26
Confidence score: 59%
Category tags
Activity Timeline
Jun 3
Threat Activity Heatmap
Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
59
SIGNAL
Signal Score
59%
Confidence
26
Reports
First seen: Dec 24, 2025
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Amsterdam, Kentucky
ASN: AS202412
Org: Virtualine Technologies
Coords: 38.1466, -85.5881
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw:
  - Netiface LLC PRIVATE-NETWORK (NET-130-12-180-0-1) 130.12.180.0 - 130.12.183.255
  - Virtualine Technologies LANEDONET (NET-130-12-180-0-2) 130.12.180.0 - 130.12.180.255
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 5 months ago · Last seen 18 days ago
Appeared in 26 threat reports