IOC Radar
IP · Medium · Signal 63/100

131.106.236.175

Location: Allentown, Pennsylvania, United States
ASN: AS6079 (RCN)
First Seen: Jan 13, 2021 (1975 days before this snapshot)
Last Seen: Jan 30, 2026 (131 days before this snapshot)
Reports: 6 source reports
Confidence: 63% (medium). Confidence scores are heuristic; verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context
Tags: see the category tags in the Feed Intelligence Summary below
MITRE ATT&CK TTPs: 63 techniques (the technique IDs are listed among the category tags below)
Network Information
Country: United States (US)
Region: Allentown, Pennsylvania
ASN: AS6079
Organization: RCN
IP Category: Proxy (proxy server)

Feed Intelligence Summary
Source reports: 6
Confidence score: 63%

Category tags: active scanning, attack, botnet, brute force, brute force attacks, cisco device, cisco device targeted, command and control, cowrie activity, cowrie honeypot, credential access, credential stuffing, data exfiltration, decoy system, device management, dionaea activity, dionaea honeypot, distributed attacks, enterprise networking, exploit attempt, honeytrap honeypot, indicator, lamp, lamp stack, lamp stack targeting, linux, malicious activity, malicious software, malware, malware behaviour, malware capture, malware download attempts, network, network infrastructure, network intrusion attempts, network scanning, network service scanning, north america, process injection, proxy, reconnaissance, researched, sftp attack, sftp attacks, ssh attack, ssh monitoring, threat actor, threat detection, threat intelligence, united states, web application attacks

MITRE ATT&CK technique tags (63): t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1041, t1046, t1055, t1059, t1059.001, t1059.004, t1068, t1071, t1071.001, t1071.004, t1078, t1110, t1110.001, t1110.002, t1110.003, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1588, t1588.002, t1588.003, t1588.004, t1590, t1590.001, t1590.002, t1590.003, t1590.004, t1591, t1591.001, t1591.002, t1592, t1592.001, t1592.002, t1592.003, t1592.004, t1594, t1595, t1595.001, t1595.002, t1595.003, t1596, t1596.001, t1596.002, t1596.003, t1596.004, t1596.005, t1598, t1598.001, t1598.003, t1598.004

These tags are the union of labels applied by all six feed reports (Cowrie, Dionaea and Honeytrap honeypot sensors, SSH/SFTP brute force, LAMP-stack targeting, and so on) and the ATT&CK IDs are feed-assigned labels, not behaviour confirmed for this address. The only raw record reproduced on this page is a single Cisco ASA WebVPN portal probe (see the source record under WHOIS), so treat the wider tag set as context from the feeds rather than as evidence of each listed technique.

Activity Timeline
1 total observation, on Jan 30 (2026). Note that the Ciscoasa honeypot record shown under WHOIS is dated 2025-07-01 and does not appear here, so the timeline counts only the site's aggregated observations, not every underlying source report.

Threat Activity Heatmap
Weekly activity grid for the last 12 months (Jun to Jun); the heatmap image is not reproduced here. Peak: 2026-01-30.
Recent activity: 24h: 0 (dormant) · 7d: 0 (dormant) · 30d: 0 (dormant) · 3mo: 0 (dormant)
Threat Score: 63 (Medium Risk) · Signal 63% confidence · 6 reports
First seen: Jan 13, 2021 · Last seen: Jan 30, 2026
Geolocation: Allentown, Pennsylvania, United States (US) · ASN AS6079 (RCN) · Category: Proxy
Coords: 39.9526, -75.1652. Note that these coordinates are central Philadelphia, not Allentown; IP geolocation for a consumer ISP block is approximate, so do not treat either the city or the coordinates as a precise location.

VirusTotal: Not checked

WHOIS and source record

Source report description (T-Pot Ciscoasa honeypot event, 2025-07-01):
2025-07-01T01:18:33.639Z Honeypot : Ciscoasa : Source: 131.106.236.175 : Message: {'timestamp': '2025-07-01T01:18:33.639434', 'src_ip': '131.106.236.175', 'payload_printable': '"GET /+webvpn+/index.html HTTP/1.1" 200 -'}

The requested path /+webvpn+/index.html is the Cisco ASA clientless SSL VPN (WebVPN) portal page, so this record is a fingerprinting request for an exposed ASA VPN portal, consistent with the "cisco device targeted" and "network service scanning" tags. The HTTP 200 is the honeypot's emulated reply (T-Pot's Ciscoasa sensor imitates the portal), not evidence that anything was exploited. The address sits in a direct allocation to RCN, which is Astound Broadband's consumer ISP network, and the feed categorises it as a proxy; a single portal probe from such an address is weak evidence on its own, and blocking the /16 would affect many unrelated subscribers.

Raw (ARIN; e-mail addresses were redacted in the source extraction and appear as "[email protected]", use the RDAP entity links to retrieve them):
NetRange: 131.106.0.0 - 131.106.255.255
CIDR: 131.106.0.0/16
NetName: RCN-BLK-29
NetHandle: NET-131-106-0-0-1
Parent: NET131 (NET-131-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS6079
Organization: RCN (RTSL-6)
RegDate: 2018-05-15
Updated: 2018-05-15
Comment: For all abuse issues, please contact [email protected]
Ref: https://rdap.arin.net/registry/ip/131.106.0.0

OrgName: RCN
OrgId: RTSL-6
Address: 650 College Road East
City: Princeton
StateProv: NJ
PostalCode: 08540
Country: US
RegDate: 2013-07-09
Updated: 2022-08-30
Comment: For all abuse issues, please contact [email protected]
Ref: https://rdap.arin.net/registry/entity/RTSL-6
ReferralServer: rwhois://rwhois.rcn.net:4321

OrgTechHandle: ZR40-ARIN
OrgTechName: RCN Corporation
OrgTechPhone: +1-888-972-6622
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ZR40-ARIN

OrgNOCHandle: ABN3-ARIN
OrgNOCName: Astound Broadband NOC
OrgNOCPhone: +1-888-972-6622
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/ABN3-ARIN

OrgAbuseHandle: RAD75-ARIN
OrgAbuseName: RCN Abuse Department
OrgAbusePhone: +1-888-972-6622
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/RAD75-ARIN

References:
https://github.com/telekom-security/tpotce (T-Pot, the honeypot platform whose Ciscoasa sensor produced the record above)
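The honeypot record above is one T-Pot Ciscoasa event line. The following Python is an added example, not code from this page or from the tpotce project: it parses lines in that shape, flags requests for the Cisco ASA WebVPN portal paths, and aggregates them per source address so a triage script can separate a one-off portal probe from repeated scanning. The sample lines are constructed (the first copies the format of the page's record; the others use the RFC 5737 documentation address 198.51.100.7), and the /+CSCOE+/ path is an assumption about what the same scanners typically request, not something taken from the page.

```python
"""Parse T-Pot 'Ciscoasa' honeypot event lines and flag Cisco ASA WebVPN portal probes.

Added example, not code from the IOC Radar page or the tpotce project. The line format
mirrors the description field shown on this page; the sample lines are constructed.
"""
import ast
import re
from collections import defaultdict

# Constructed sample input. The first line copies the shape of the page's honeypot record;
# the others use an RFC 5737 documentation address and are invented for illustration.
SAMPLE_LINES = [
    """2025-07-01T01:18:33.639Z Honeypot : Ciscoasa : Source: 131.106.236.175 : Message: {'timestamp': '2025-07-01T01:18:33.639434', 'src_ip': '131.106.236.175', 'payload_printable': '"GET /+webvpn+/index.html HTTP/1.1" 200 -'}""",
    """2025-07-01T02:00:00.000Z Honeypot : Ciscoasa : Source: 198.51.100.7 : Message: {'timestamp': '2025-07-01T02:00:00.000001', 'src_ip': '198.51.100.7', 'payload_printable': '"GET /+CSCOE+/logon.html HTTP/1.1" 200 -'}""",
    """2025-07-01T02:00:05.000Z Honeypot : Ciscoasa : Source: 198.51.100.7 : Message: {'timestamp': '2025-07-01T02:00:05.000001', 'src_ip': '198.51.100.7', 'payload_printable': '"GET / HTTP/1.1" 200 -'}""",
    "garbage line that does not match the sensor format",
]

# Outer envelope: timestamp, sensor name, source IP, then a Python-style dict repr.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) Honeypot : (?P<sensor>\w+) : Source: (?P<src>[0-9.]+) : Message: (?P<msg>\{.*\})$"
)
# Request line inside payload_printable, e.g. "GET /+webvpn+/index.html HTTP/1.1" 200 -
REQ_RE = re.compile(r'^"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+" (?P<status>\d{3})')

# Paths under the Cisco ASA clientless SSL VPN portal. /+webvpn+/ is the path seen on this
# page; /+CSCOE+/ (the ASA logon/portal tree) is an assumption about other common probes.
WEBVPN_PREFIXES = ("/+webvpn+/", "/+CSCOE+/")


def parse_line(line):
    """Return a dict for one sensor line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        # The Message field is a Python dict repr (single quotes), not JSON, so json.loads
        # would fail; literal_eval parses literals only and never executes code.
        msg = ast.literal_eval(m["msg"])
    except (ValueError, SyntaxError):
        return None
    if not isinstance(msg, dict) or "src_ip" not in msg:
        return None
    event = {"ts": m["ts"], "sensor": m["sensor"], "src_ip": msg["src_ip"],
             "path": None, "status": None}
    # Sanity check: the envelope source and the inner src_ip should agree.
    if msg["src_ip"] != m["src"]:
        event["mismatch"] = True
    req = REQ_RE.match(msg.get("payload_printable", ""))
    if req:
        event["path"] = req["path"]
        event["status"] = int(req["status"])
    return event


def classify(event):
    """Label an event: webvpn_probe for ASA portal paths, other_http otherwise."""
    path = event.get("path")
    if path is None:
        return "no_request"
    return "webvpn_probe" if path.startswith(WEBVPN_PREFIXES) else "other_http"


def summarize(lines):
    """Aggregate per source IP. The 200 status is the honeypot's reply, not a real ASA."""
    per_src = defaultdict(lambda: {"events": 0, "webvpn_probes": 0, "paths": [],
                                   "first": None, "last": None})
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
            continue
        rec = per_src[ev["src_ip"]]
        rec["events"] += 1
        if classify(ev) == "webvpn_probe":
            rec["webvpn_probes"] += 1
        if ev["path"]:
            rec["paths"].append(ev["path"])
        # ISO 8601 timestamps with a fixed layout compare correctly as strings.
        rec["first"] = ev["ts"] if rec["first"] is None else min(rec["first"], ev["ts"])
        rec["last"] = ev["ts"] if rec["last"] is None else max(rec["last"], ev["ts"])
    return {"sources": dict(per_src), "unparsed": unparsed}


if __name__ == "__main__":
    for ip, rec in summarize(SAMPLE_LINES)["sources"].items():
        print(ip, rec)
```

Feeding a day of Ciscoasa sensor output through summarize() gives, per source, how many requests were portal probes versus generic HTTP; a source with one probe (as on this page) is a candidate for watchlisting, while one with many probes across paths is scanning and worth an abuse report to the contacts in the WHOIS record.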

