IP: 130.226.254.28 (Medium, Signal 65/100)
Location: Frederiksberg, Hovedstaden
ASN: AS1835 Symphogen
First Seen: Jan 7, 2024
Last Seen: Jun 10, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Network Information
Country: Denmark
Region: Frederiksberg, Hovedstaden
ASN: AS1835
Organization: Symphogen
Feed Intelligence Summary
Source reports: 15
Confidence score: 65%
Category tags
Activity Timeline: Jun 10
Threat Activity Heatmap (peak: 2026-06-10)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 65 (Medium Risk)
Geolocation: DK
Coords: 55.7704, 12.5037
VirusTotal: Not checked
WHOIS description: Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=DK; ports=2575,2576 Location=Sydney, Australia.
IOC Journey
Medium · First detected 2 years ago · Last seen 15 days ago
Appeared in 15 threat reports