IPMediumSignal 60/100
185.180.141.68
Location
United StatesChicago, Brussels Hoofdstedelijk Gewest
ASN
AS21859
ICG 1 ZEN DFW
First Seen
Nov 4, 2024
Last Seen
Jun 3, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionChicago, Brussels Hoofdstedelijk Gewest
ASNAS21859
OrganizationICG 1 ZEN DFW
IP Category
⊕
VPN
VPN exit node
Feed Intelligence Summary
28 reports60% confidence
28
Source reports
60%
Confidence score
Category tags
abuseaccessaccess controlaccount compromiseactive scanactive scanningactive-attackadbhoney honeypotapacheapache attackeraptattackaustraliaauto-generated securityautomated attacksbad reputationbad web botbankingbebelgiumblacklist candidateblocklist_allblog spambothammerbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcebrute-force attackbrute_forcec2 communicationc2 servercanadacisco asacisco devicecisco device targetingcisco exploitation attemptscitrix exploitation attemptcitrix securitycode executioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcommunication securitycompromised hostcompromised hostscowriecowrie honeypotcowrie interactionscowrie ssh honeypotcredential accesscredential access attemptscredential guessingcredential harvestingcredential stuffingcredential_accesscredit card servicesctacve-listcyberattackdaily-threat-feeddata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase securityddosddos attackddos attacksddos probedecoy systemdenial of servicedenial-of-servicedevice managementdigital oceandionaeadionaea honeypotdionaea interactionsdistributed attacksdnsdns attackelasticpot honeypotelasticsearch monitoringemailencryptionenterprise networkingenterprise securityeuropeexploitexploit attemptsexploitationexploitation activityexploitation attemptsexploitation of vulnerabilityexploited hostfattfatt signaturesfinancefinance and insurancefinancial servicesfinancial technologyfinlandfranceftpftp attackftp attacksftp brute forceftp brute-forcegermanygithubgroupshackinghoneynet connecthoneytrap datahoneytrap honeypothoneytrap interactionshttp attackhttp brute forcehttp probinghttp scannerhttpsidentity & access exploitationindicatorindicators of compromiseinfrastructure acquisitionreconnaissanceinfrastructure targetinginitial accessinjection activityinjection attacksinternet of thingsinternetcensus-benignintrusion detectioniociot botnetiot securityiot targetediot/ics attacklamplamp exploitation attemptslamp server attacklamp stack exploitationlamp stack targetinglateral movementlogin attemptmailoney honeypotmailoney interactionsmalicious activitymalicious ipv4malicious login attemptsmalicious softwaremalicious trafficmalicious_activitymalwaremalware behaviourmalware capturemalware deliverymalware distributionmalware hostingmanualmirai botnetnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork traffic analysisnetwork-based attack attemptsnetwork_intrusionnorth americaoceaniaopenctip0fp0f signaturespassword attackpassword attackspayment processingphishingphishing attackphishing trapping of deathpolandpossible exploit attemptspotential credential compromiseprocess injectionprotocol exploitationpythonransomwarerdp attacksrdp scanningrealtime-wafreconnaissanceremote accessremote servicesresearchedresource hijackingsansscanscannerscannersscanning activityscriptscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionsentrypeer interactionsserver exploitationservice scansftpsftp attacksiemsipsip attackssip enumerationsip scanningsip vulnerability scanningslugsmb brute forcesmtpsmtp attackssmtp brute forcesmtp probingsocial engineeringsocradar honeypotsoftware exploitationspamsql injectionsql injection attemptsshssh attackssh attacksssh monitoringsurface websuricata alertssystem accesst-pott1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1040t1041t1046t1053.005t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1077t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1505.002t1555t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcp protocoltcp scantelecommunicationstelnet attackstelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventiontor nodetpottpotceudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunited statesunited states of americausverified-benignvnc protocolvoipvoip attackvpnvpn ipvulnerability scanwealth managementweb app attackweb application attackweb attackweb exploitweb exploitationweb scannerweb spamweb traffic
Activity Timeline
Jun 3Jun 3
Threat Activity Heatmap
· Peak: 2026-06-03LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
60
SIGNAL
Signal Score
60%
Confidence
28
Reports
First seenNov 4, 2024
Last seenJun 3, 2026
GeolocationUS
CountryUnited States
LocationChicago, Brussels Hoofdstedelijk Gewest
ASNAS21859
OrgICG 1 ZEN DFW
Coords50.8504, 4.3488
VPN
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=PT; ports=11300 Location=Sydney, Australia.
- raw
- inetnum: 185.180.141.0 - 185.180.141.255 netname: ICG-1-ZEN-DFW descr: ICG-1-ZEN-DFW country: EU admin-c: AR59913-RIPE abuse-c: AR59913-RIPE tech-c: AR59913-RIPE status: ASSIGNED PA mnt-by: MNT-BST created: 2024-08-27T14:01:10Z last-modified: 2024-10-25T13:25:47Z source: RIPE remarks: https://internet-census.org remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected] remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed role: Abuse-C Role address: Operations for Internet Census Group address: https://internet-census.org nic-hdl: AR59913-RIPE abuse-mailbox: [email protected] mnt-by: MNT-BST created: 2020-02-21T08:44:10Z last-modified: 2021-03-12T21:58:21Z source: RIPE # Filtered route: 185.180.141.0/24 origin: AS21859 mnt-by: MNT-BST created: 2024-10-15T22:55:50Z last-modified: 2024-10-15T22:55:50Z source: RIPE
- references
- https://github.com/telekom-security/tpotce, Cyber Threat Advisory - Update 10 Cybercriminals Leverage 66 Vulnerabilities to Target Global Systems.pdf, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7340395334054957056-FKxu?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 9 days ago
Appeared in 28 threat reports