IP · Medium · Signal 94/100
192.81.131.77
Location
Fremont, California
ASN
AS63949
Linode
First Seen
Mar 24, 2025
Last Seen
Feb 8, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Fremont, California
ASN
AS63949
Organization
Linode
Feed Intelligence Summary
18 reports · 94% confidence
Category tags
Activity Timeline
Feb 8
Threat Activity Heatmap
Peak: 2026-02-08
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score
94 (High Risk)
Coords
37.5625, -122.0004
VirusTotal
Not checked
WHOIS
- description: Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
- raw: Akamai Technologies, Inc. LINODE-US (NET-192-81-128-0-1) 192.81.128.0 - 192.81.135.255 Linode LINODE (NET-192-81-128-0-2) 192.81.128.0 - 192.81.135.255
- references: https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 18 threat reports