IOC Radar
IP · Medium · Signal 55/100

143.42.1.191

Location: United States (Cedar Knolls, New Jersey)
ASN: AS63949 (Linode)
First Seen: May 4, 2023 (1152d ago)
Last Seen: Jun 22, 2026 (7d ago)
Reports: 25 source reports
Confidence: 55% (medium)
Found in 25 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

95 techniques

Network Information

Country: US (United States)
Region: Cedar Knolls, New Jersey
ASN: AS63949
Organization: Linode

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 25
Confidence score: 55%
Category tags

Activity Timeline

1 total obs
Jun 22 - Jun 22

Threat Activity Heatmap

Peak: 2026-06-22
[Heatmap figure: activity by weekday across months Jun to Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 25
First seen: May 4, 2023
Last seen: Jun 22, 2026
Geolocation: US
Country: United States
Location: Cedar Knolls, New Jersey
ASN: AS63949
Org: Linode
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw: Akamai Technologies, Inc. LINOD (NET-143-42-0-0-1) 143.42.0.0 - 143.42.255.255 Linode LINODE-143-42-0-0 (NET-143-42-0-0-2) 143.42.0.0 - 143.42.255.255
references: https://list.rtbh.com.tr/output.txt, https://example.com, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 3 years ago · Last seen 7 days ago
Appeared in 25 threat reports