IP · Medium · Signal 70/100
172.104.210.105
Location
Cedar Knolls, New Jersey
ASN
AS63949
Linode
First Seen
Dec 6, 2022
Last Seen
Jun 9, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Cedar Knolls, New Jersey
ASN
AS63949
Organization
Linode
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
30 reports · 70% confidence
30
Source reports
70%
Confidence score
Category tags
Activity Timeline
Jun 9
Threat Activity Heatmap
Peak: 2026-06-09
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
High Risk
Signal Score
70
Confidence
70%
Reports
30
First seen
Dec 6, 2022
Last seen
Jun 9, 2026
Geolocation
US
Country
United States
Location
Cedar Knolls, New Jersey
ASN
AS63949
Org
Linode
Coords
40.8218, -74.4500
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw
- Akamai Technologies, Inc. LINODE-US (NET-172-104-0-0-1) 172.104.0.0 - 172.105.255.255 Linode LINODE (NET-172-104-0-0-2) 172.104.0.0 - 172.105.146.255
IOC Journey
medium · First detected 3 years ago · Last seen 11 days ago
Appeared in 30 threat reports