IOC Radar
IP · Medium · Signal 53/100

143.42.1.123

Location: Cedar Knolls, New Jersey, United States
ASN: AS63949 (Linode)
First Seen: May 3, 2023 (1145d ago)
Last Seen: Jun 21, 2026 (today)
Reports: 21 source reports
Confidence: 53% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

95 techniques

Network Information

Country: United States (US)
Region: Cedar Knolls, New Jersey
ASN: AS63949
Organization: Linode

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 21
Confidence score: 53%
Category tags

Activity Timeline

1 total observation: Jun 21

Threat Activity Heatmap

[Heatmap: activity by day (rows Mon, Wed, Fri; columns Jun through Jun), shaded from Less to More]

24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 53 (Medium Risk)
Signal Score: 53
Confidence: 53%
Reports: 21
First seen: May 3, 2023
Last seen: Jun 21, 2026
Geolocation: US
Country: United States
Location: Cedar Knolls, New Jersey
ASN: AS63949
Org: Linode
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
Akamai Technologies, Inc. LINOD (NET-143-42-0-0-1) 143.42.0.0 - 143.42.255.255
Linode LINODE-143-42-0-0 (NET-143-42-0-0-2) 143.42.0.0 - 143.42.255.255
references
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-05-09/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-05-08/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-08/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-08/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-05-07/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-07/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-05-06/, 
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-06/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-06/


IOC Journey

medium
First detected 3 years ago · Last seen today
Appeared in 21 threat reports