IP · Medium · Signal 58/100
139.162.173.209
Location
Frankfurt am Main, HE
ASN
AS63949
Linode
First Seen
Jan 14, 2025
Last Seen
Jun 16, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region: Frankfurt am Main, HE
ASN: AS63949
Organization: Linode
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32 reports · 58% confidence
32
Source reports
58%
Confidence score
Category tags
Activity Timeline
Jun 16
Threat Activity Heatmap
Peak: 2026-06-16
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
58
SIGNAL
Signal Score
58%
Confidence
32
Reports
First seen: Jan 14, 2025
Last seen: Jun 16, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, HE
ASN: AS63949
Org: Linode
Coords: 50.1188, 8.6843
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force REDIS on Vultr Paris (France) honeypot
- references
- https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2025-09-11/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2025-07-27/, https://example.com
IOC Journey
Medium · First detected 1 year ago · Last seen 10 days ago
Appeared in 32 threat reports