IOC Radar
IPMediumSignal 55/100

170.130.204.74

Location
United StatesUnited States
Los Angeles, CA
ASN
AS62904
ServerHub Los Angeles
First Seen
Sep 3, 2023
Last Seen
Jun 3, 2026
Sep 3
First Seen
1021d ago
Jun 3
Last Seen
17d ago
24
Reports
source reports
55%
Confidence
medium
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

50 techniques

Network Information

CountryUSUnited States
RegionLos Angeles, CA
ASNAS62904
OrganizationServerHub Los Angeles

Feed Intelligence Summary

24 reports55% confidence
24
Source reports
55%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningaptattackaustraliaauto-generated securityautomated attackautomated attacksautomated threatautomated-attackbad reputationbad web botblocklist_allbotnetbotnet activitybotnet-activitybrute forcebrute force attackbrute force attackerbrute force attemptsbrute-forcebruteforcec&ccanadaciscocisco devicecisco exploitation attemptcisco network devicescloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommand injectioncommon vulnerabilitiescommunication protocolcompromised hostconpotconpot activityconpot honeypotcowriecowrie activitycowrie honeypotcredential accesscredential attackcredential attackscredential brute forcecredential harvestingcredential stuffingcredential-harvestingcve exploitationdata encryptiondata exfiltrationdata store exposuredatabase securitydatabase-serverddosddos attackdecoy systemdenial of servicedevice managementdigital oceandionaeadionaea activitydionaea honeypotdirectory traversaldistributed attacksdnsdns attackemailencryptionenterprise networkingenv-huntingexploitexploit kitexploitation activityexploitation attemptexploited hostexternal access attemptsfattftpftp brute forcehackinghoneytrap honeypothttphttp brute forcehttp scannerhttp/sics securityidentity & access exploitationindicatorindustrial control systemsinitial accessinjection activityinjection attacksinput validationinternet-facingintrusion detectioniot securityiot/ics attackip-address-ioclamplamp stacklateral movementlinux serverslinux systemslinux-systemload balancermailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware propagationmanualnetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork servicesnetwork-devicenginxnorth americaoceaniaopenctip0fpassword attacksphishingphishing attackphishing trapping of deathportscanprobingprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingscannerscannersscanning activityscripting attackssensor-taggedsentrypeer botnetservice scanservice scanningsftpsftp attacksipsip brute forcesip scanningsmtpsocial engineeringsshssh attackssh monitoringt1021t1021.001t1021.002t1040t1041t1046t1055t1059t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1077t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1210t1486t1496t1497t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1590t1590.006t1592.002t1595t1595.001t1595.002t1595.003t1608tannertcp scantcp/80telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpottpotcetsecudp scanunited statesunknown threat actorusvoipvoip attackvulnerability scanvulnerability-exploitationvultrwafweak credentialsweb app attackweb application attackweb application scanningweb attackweb exploitationweb scannerweb trafficweb-serverwebscanwebscannerxss

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
55
SIGNAL
Signal Score
55%
Confidence
24
Reports
First seenSep 3, 2023
Last seenJun 3, 2026
GeolocationUS
CountryUnited States
LocationLos Angeles, CA
ASNAS62904
OrgServerHub Los Angeles
Coords34.0494, -118.2661

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
Eonix Corporation EONIX (NET-170-130-0-0-1) 170.130.0.0 - 170.130.255.255 ServerHub Los Angeles SERVERHUB-LOS-ANGELES (NET-170-130-204-0-1) 170.130.204.0 - 170.130.204.255
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-17/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-13/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-02-24/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-25/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-25/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 17 days ago
Appeared in 24 threat reports