IOC Radar
IP · Medium · Signal 39/100

173.26.237.216

Location: United States, Apache Junction, AZ
ASN: AS30036 (MEDIACOM)
First Seen: Oct 8, 2024
Last Seen: Apr 8, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 39%
Signal Score: 39 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

33 techniques

Network Information

Country: US (United States)
Region: Apache Junction, AZ
ASN: AS30036
Organization: MEDIACOM

Feed Intelligence Summary

14 source reports · 39% confidence score
Category tags
abuse, access control, account compromise, active scan, active scanning, attack, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempt, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, communication protocol, compromised host, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, ddos, ddos attacks, decoy system, dionaea honeypot, distributed attacks, enumeration, europe, exfiltration, exploitation, exploitation activity, honeytrap honeypot, identity & access exploitation, indicator, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, iplist, lamp, lateral movement, login attempt, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, mirai botnet, network, network access, network attacks, network intrusion, network probing, network scanning, network security, network service scanning, network traffic analysis, north america, password attacks, password spraying, poland, potential malware upload, process injection, protocol exploitation, ransomware, reconnaissance, remote access, researched, resource hijacking, scan, scanner, security policy, service scan, sftp attack, socradar honeypot, ssh attack, ssh monitoring, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1056.001, t1059.001, t1071, t1071.001, t1078, t1078.001, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1573, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp/23, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, united states, vulnerability scan, warsaw

Activity Timeline

1 total obs (Apr 8)

Threat Activity Heatmap

Peak: 2026-04-08
Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 14
First seen: Oct 8, 2024
Last seen: Apr 8, 2026
Geolocation: US
Country: United States
Location: Apache Junction, AZ
ASN: AS30036
Org: MEDIACOM
Coords: 33.3284, -111.3502

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw
NetRange: 173.16.0.0 - 173.31.255.255
CIDR: 173.16.0.0/12
NetName: MEDIACOM-RESIDENTIAL-CUST
NetHandle: NET-173-16-0-0-1
Parent: NET173 (NET-173-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Mediacom Communications Corp (MCC-244)
RegDate: 2008-05-19
Updated: 2012-02-24
Ref: https://rdap.arin.net/registry/ip/173.16.0.0
OrgName: Mediacom Communications Corp
OrgId: MCC-244
Address: 1 Mediacom Way
City: Mediacom Park
StateProv: NY
PostalCode: 10918
Country: US
RegDate: 2008-02-05
Updated: 2024-06-18
Comment: For abuse issues contact [email protected]
Ref: https://rdap.arin.net/registry/entity/MCC-244
ReferralServer: rwhois://rwhois.mediacomcc.com:4321
OrgTechHandle: HCD1-ARIN
OrgTechName: Dean, Henry Clay
OrgTechPhone: +1-515-559-0223
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/HCD1-ARIN
OrgRoutingHandle: IPOPE24-ARIN
OrgRoutingName: IP Operations
OrgRoutingPhone: +1-515-559-0300
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPOPE24-ARIN
OrgAbuseHandle: MEDIA2-ARIN
OrgAbuseName: Mediacom Abuse
OrgAbusePhone: +1-845-695-2600
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/MEDIA2-ARIN
OrgTechHandle: NAH5-ARIN
OrgTechName: Ahmad, Nisar
OrgTechPhone: +1-845-443-2698
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NAH5-ARIN
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrwarsaw-telnet-bruteforce-ip-list-2025-08-17/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 14 threat reports