IOC Radar
IP · Medium · Signal 68/100

139.162.190.203

Location: Germany (Frankfurt am Main, Hesse)
ASN: AS63949 (Linode)
First Seen: Jun 15, 2021 (1838d ago)
Last Seen: Jun 8, 2026 (20d ago)
Reports: 30 source reports
Confidence: 68% (medium)
Found in 30 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 68%
Signal Score: 68 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

74 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS63949
Organization: Linode

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 30
Confidence score: 68%
Category tags

Activity Timeline

1 total obs
Jun 8 to Jun 8

Threat Activity Heatmap

Peak: 2026-06-08
[Heatmap: activity by day (Mon/Wed/Fri rows), Jun through the following Jun, shaded Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 68
Confidence: 68%
Reports: 30
First seen: Jun 15, 2021
Last seen: Jun 8, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS63949
Org: Linode
Coords: 50.1109, 8.6821
Proxy

VirusTotal

Not checked

WHOIS

description
HoneyNet Event: 139.162.190.203 connected: 7 times over ports: 8009 Tags: Suricata, P0f, Honeytrap,8009
raw
inetnum: 139.162.0.0 - 139.162.255.255
netname: EU-LINODE-20141229
descr: 139.162.0.0/16
org: ORG-LL72-RIPE
country: US
admin-c: TA2589-RIPE
abuse-c: LAS85-RIPE
tech-c: TA2589-RIPE
status: LEGACY
remarks: Please send abuse reports to [email protected]
mnt-by: linode-mnt
created: 2004-02-02T16:20:09Z
last-modified: 2022-12-12T21:26:29Z
source: RIPE

organisation: ORG-LL72-RIPE
org-name: Linode, LLC
country: US
org-type: LIR
address: 249 Arch Street
address: 19106
address: Philadelphia
address: UNITED STATES
phone: +16093807100
fax-no: +16093807200
admin-c: AF11785-RIPE
admin-c: TA2589-RIPE
tech-c: AF11785-RIPE
abuse-c: LAS85-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: linode-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: linode-mnt
created: 2009-11-02T13:42:45Z
last-modified: 2020-12-16T13:00:31Z
source: RIPE # Filtered

person: Thomas Asaro
address: 329 E. Jimmie Leeds Road, Suite A, Galloway, NJ 08205, USA
phone: +16093807504
nic-hdl: TA2589-RIPE
mnt-by: Linode-mnt
created: 2009-11-02T17:17:56Z
last-modified: 2014-11-20T18:51:15Z
source: RIPE

route: 139.162.160.0/19
origin: AS63949
descr: Akamai Technologies
mnt-by: AKAM1-RIPE-MNT
created: 2025-04-28T14:29:54Z
last-modified: 2025-04-28T14:29:54Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://example.com, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1, https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c, https://n0paste.eu/UH6n5pD/, https://www.virustotal.com/gui/collection/789999053bd7022e2d79a887a5f959be573ce57d6c4f3165503438fbd5dd9ad5/graph, http://cinsscore.com/list/ci-badguys.txt


IOC Journey

medium
First detected 5 years ago · Last seen 20 days ago
Appeared in 30 threat reports