IOC Radar
IPMediumSignal 39/100

139.162.84.112

Location
JapanJapan
Tokyo, 13
ASN
AS63949
Linode
First Seen
Aug 26, 2020
Last Seen
Apr 20, 2026
Aug 26
First Seen
2114d ago
Apr 20
Last Seen
51d ago
17
Reports
source reports
39%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

43 techniques

Network Information

CountryJPJapan
RegionTokyo, 13
ASNAS63949
OrganizationLinode

Feed Intelligence Summary

17 reports39% confidence
17
Source reports
39%
Confidence score
Category tags
abuseaccessactive scanactive scanningadbhoney activityadbhoney honeypotasiaattachment phishingattackauto-generated securityautomated emailbad reputationbad web botbase64base64 encodingbecbotnetbotnet activitybrute forcebrute force attackbulk emailc2 communicationcisco devicecommand & controlcommand and controlcommunication protocolcompromised hostconpot honeypotcowriecowrie activitycowrie attackcowrie honeypotcredential accesscredential harvestingcredential phishingcredential stuffingctadata exfiltrationdata store exposureddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea activitydionaea attackdionaea honeypotdistributed attacksemailenterprise networkingexploit attemptsexploitation activityftpftp brute forcegithubgroupshackinghoneytrap activityhoneytrap honeypothttp scannerhttpsics securityidentity & access exploitationindexindicatorindustrial control systemsinformation technologyinjection activityiot securityiot/ics attackipip_net-benignipphoney honeypotjapanjplamplamp attacklamp stack attackmailoney activitymailoney honeypotmalicious activitymalicious ip activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionnetworknetwork infrastructurenetwork intrusionnetwork scanningnetwork securitypasswordpassword attackspassword theftpayment fraudphishingphishing attackphishing campaignphishing trapprice requestprice request scamprocess injectionpythonransomwarereconnaissanceremote accessresearchedresource hijackingscams & fraudscannerscanning activityschedule themescheduled task abusescriptscripting attackssentrypeer activitysentrypeer botnetsftpsftp activitysftp attacksipsip brute forcesip scanningslugsocial engineeringsocradar honeypotsshssh attackssh monitoringsurface webt1003t1003.001t1021t1021.001t1021.004t1040t1041t1046t1055t1059t1059.004t1059.007t1071.001t1078t1078.001t1078.002t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1192t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003t1598t1598.003tannertanner attacktariff server compromisetariff server themetariffs servertcp/80telecommunicationsthreat actorthreat detectionthreat intelligencetor nodetpottpotceunauthorized access attemptverified-benignvoipvoip attackweb application attackweb attackweb exploitationweb trafficwetransfer abuse

Activity Timeline

1 total obs
Apr 20Apr 20

Threat Activity Heatmap

· Peak: 2026-04-20
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
39
SIGNAL
Signal Score
39%
Confidence
17
Reports
First seenAug 26, 2020
Last seenApr 20, 2026
GeolocationJP
CountryJapan
LocationTokyo, 13
ASNAS63949
OrgLinode
Coords35.6887, 139.7450

VirusTotal

Not checked

WHOIS

description
2025-02-07T19:47:55.001Z Honeypot : Tanner : Source: 139.162.84.112 : Port: 80 Post Data: {'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': '50ccea57-aa5a-45f5-808b-7357cdd07969'}}, 'version': '0.6.0'}
raw
inetnum: 139.0.0.0 - 139.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses country: AU admin-c: IANA1-AP tech-c: IANA1-AP abuse-c: AA1452-AP status: ALLOCATED PORTABLE remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ mnt-by: APNIC-HM mnt-lower: APNIC-HM mnt-irt: IRT-APNIC-AP last-modified: 2023-04-16T10:23:23Z source: APNIC irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP auth: # Filtered remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 mnt-by: APNIC-HM last-modified: 2023-08-18T00:42:38Z source: APNIC role: ABUSE APNICAP address: Brisbane, Australia country: ZZ phone: +000000000 e-mail: [email protected] admin-c: HM20-AP tech-c: NO4-AP nic-hdl: AA1452-AP remarks: Generated from irt object IRT-APNIC-AP remarks: [email protected] was validated on 2020-02-03 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2023-08-18T19:08:30Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://www.virustotal.com/gui/collection/a4c38dc13a91da98a9f3a7f1c46c9aaeaa4d713d113c68c71fdf89837667717d

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 1 month ago
Appeared in 17 threat reports