IOC Radar
IP · Medium · Signal 60/100

169.228.66.212

Location: San Diego, CA, United States
ASN: AS7377 (University of California, San Diego)
First Seen: Oct 12, 2020 (2068d ago)
Last Seen: Jun 12, 2026 (today)
Reports: 26 source reports
Confidence: 60% (medium)
VirusTotal: 9/91 detections
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 83 techniques

Network Information

Country: United States (US)
Region: San Diego, CA
ASN: AS7377
Organization: University of California, San Diego

IP Category: VPN (VPN exit node)

Feed Intelligence Summary

26 source reports · 60% confidence score

Category tags (as extracted, tag separators lost):
abuseaccess attemptsaccount accessaccount compromiseackack scanactive reconnaissanceactive scanactive scanninganomalous network connectionsapplication layer protocolasiaatif feedattackaustraliaaustralia network activityauthenticationauthentication failureauto-generated securityautomated threatautomated-attackbad reputationbad web botbanlist feedbinary defenseblock listblock.txtblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcec&cc2canadachina mobilecisco devicecisco exploitation attemptcloud infrastructurecloud infrastructure attackcloud servicescloud_infrastructurecode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcompany limitedcompromised credentialscompromised hostconnect scancowriecowrie honeypotcowrie interactionscowrie ssh attackcredential accesscredential attackcredential brute-forcingcredential guessingcredential harvestingcredential stuffingctadaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackddos probedecoy systemdenial of servicedenial-of-service attemptdevice managementdigital oceandigitalocean ipdionaeadionaea activitydionaea honeypotdionaea interactionsdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackelephant flowencryptionenterprise networkingenumerationeuropeexecutable fileexploitexploit attemptexploit attemptsexploit probingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal-scanningexternal_threatfailed loginfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfinfin scanfinlandfirewall detectionfranceftpftp attackftp attacksftp brute forcefull connect scangermanyhackinghigh volume traffichk abusehandlerhoneynet connecthoneytrap activityhoneytrap eventshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttpshurricane usicmpidentity & access exploitationinbound scanindicatorinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure targetinginitial accessinitiator ipinjection activityinjection attacksinternet-facinginternet_scannersintrusion blockintrusion detectioniocipv4ipv4 port scanningipv4 scanningipv4 threatsipv4_activityjapankfsensor honeypotlamplamp server targetinglateral movementlinux systemslogin attemptlogin attemptslogin brute forcemailoney activitymailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious ip listmalicious ipv4malicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalwaremalware analysismalware behaviourmalware capturemalware deliverymalware detectionmalware distributionmalware downloadmalware propagationmalware scanningmanualmysql brute forcenetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork monitoringnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scanningnetwork securitynetwork service discoverynetwork service scanningnetwork traffic analysisnetwork-reconnaissancenetwork_discoverynetwork_scannorth americanull scanoceaniaopportunistic attackeros credential dumpingos fingerprintingp0fp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword crackingpassword sprayingpgp signphishingphishing attackphishing trapping of deathpolandportscanpossible botnet activitypossible brute forcepossible malware distributionpossible reconnaissancepossible reconnaissance activitypotential malware uploadpotential vulnerability assessmentpotential vulnerability scanningprocess injectionprotocol exploitationransomwarerdp scanningreconnaissancereconnaissance activityredpiranhareferenceremote accessremote servicesresearchedresource hijackingrtbhscanscannerscanner ipscannersscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice discoveryservice enumerationservice exploitationservice scansftp attacksip attackssip scanningsipvicious scansmb brute forcesmtpsmtp attackssmtp brute forcesmtp probingsmtp scanningsocial engineeringsoftware exploitationsourcespamsql injectionsql injection attemptsql injection attemptssshssh attackssh attacksssh monitoringssh scanningstealth scansuricata alertsuricata alertssynsyn scansystem accesssystem discoveryt-pott1003t1005t1016t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.006t1059.007t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.004t1083t1110t1110.001t1110.002t1110.003t1110.004t1110: brute forcet1133t1187t1189t1190t1199t1203t1204.002t1205t1210t1486t1496t1497t1499.001t1499.002t1499.003t1505t1505.002t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1583t1587.001t1588t1588.002t1588.003t1588.004t1589t1590t1590.001t1590.003t1592t1595t1595.001t1595.002t1595.003t1595: active scanningtannertanner activitytanner eventstanner interactionstargeting databasetcp protocoltcp scantcp-scanningtelecommunicationstelnet scanningtelnet threatthreat actorthreat actor activitythreat detectionthreat intelligencethreat_intelligencetimeouttop10.txttopips.txttor nodetorontotpottsecudp port scanudp scanudp-scanningunauthorized accessunauthorized access attemptunauthorized probingunited kingdomunited statesunknown threat actorusus noneus source ipvalid accountsvnc protocolvoipvoip attackvpnvpn ipvulnerability scanvultrvultr cloud infrastructurevultr_platform_activityweb app attackweb application attackweb attackweb exploitweb exploitationweb exploitsweb serversweb shell attemptweb spamweb trafficxmasxmas scan

Activity Timeline

1 total observation (Jun 12 – Jun 12)

Threat Activity Heatmap

[Heatmap image: weekly activity grid, rows Mon/Wed/Fri, columns Jun through Jun of the following year, legend Less/More]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 26
First seen: Oct 12, 2020
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: San Diego, CA
ASN: AS7377
Org: University of California, San Diego
Coords: 32.6917, -117.1151
Category: VPN

VirusTotal

9/91 vendors flagged (10% detection rate) as of Jun 12, 2026

WHOIS

Description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

Raw:
NetRange: 169.228.0.0 - 169.228.255.255
CIDR: 169.228.0.0/16
NetName: UCSD-NET-169-228
NetHandle: NET-169-228-0-0-1
Parent: NET169 (NET-169-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: University of California, San Diego (UCSD-1)
RegDate: 1995-08-04
Updated: 2012-03-02
Ref: https://rdap.arin.net/registry/ip/169.228.0.0
OrgName: University of California, San Diego
OrgId: UCSD-1
Address: IT Services
Address: 9500 Gilman Dr, #0903
Address: Attn: Hostmaster
City: La Jolla
StateProv: CA
PostalCode: 92093-0903
Country: US
RegDate: 1984-08-24
Updated: 2024-11-25
Comment: Please use '[email protected]' for content complaints;
Comment: use '[email protected]' to report scans, probes and other
Comment: security issues.
Ref: https://rdap.arin.net/registry/entity/UCSD-1
OrgTechHandle: UTC1-ARIN
OrgTechName: UCSD Technical Contact
OrgTechPhone: +1-858-822-4040
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/UTC1-ARIN
OrgAbuseHandle: UCSDA-ARIN
OrgAbuseName: UCSD Abuse
OrgAbusePhone: +1-858-822-4040
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/UCSDA-ARIN
OrgTechHandle: NOC1807-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-858-822-0249
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC1807-ARIN
OrgNOCHandle: NOC1807-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-858-822-0249
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC1807-ARIN
References:
https://github.com/telekom-security/tpotce
https://redpiranha.net
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://list.rtbh.com.tr/output.txt

IOC Journey

Confidence: medium · First detected 5 years ago · Last seen today · Appeared in 26 threat reports