IOC Radar
IP · Medium · Signal 100/100

198.12.86.4

Location
United States
Buffalo, New York
ASN
AS36352
RackNerd LLC
First Seen
Jun 26, 2024 (727d ago)
Last Seen
Jun 14, 2026 (9d ago)
Reports
23 source reports
Confidence
99% (medium)
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

56 techniques

Network Information

Country: US (United States)
Region: Buffalo, New York
ASN: AS36352
Organization: RackNerd LLC

Feed Intelligence Summary

Source reports: 23
Confidence score: 99%
Category tags

Activity Timeline

1 total obs
Jun 14 – Jun 14

Threat Activity Heatmap

Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 23
First seen: Jun 26, 2024
Last seen: Jun 14, 2026
Geolocation: US
Country: United States
Location: Buffalo, New York
ASN: AS36352
Org: RackNerd LLC
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Global Threat Feed. 14,000+ Verified targets. Archive Ref: 2026-06-04
raw
HostPapa CC-09 (NET-198-12-64-0-1) 198.12.64.0 - 198.12.127.255 RackNerd LLC CC-198-12-86-0-28 (NET-198-12-86-0-1) 198.12.86.0 - 198.12.86.15
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

IOC Journey

medium
First detected 2 years ago · Last seen 9 days ago
Appeared in 23 threat reports