IOC Radar
IP · Medium · Signal 65/100

207.102.138.19

Location: Canada (Vanderhoof, British Columbia)
ASN: AS852 (FORTINET TECHNOLOGIES (CANADA) INC)
First Seen: Sep 7, 2020 (2116d ago)
Last Seen: Jun 12, 2026 (12d ago)
Reports: 19 source reports
Confidence: 65% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context: Tags, MITRE ATT&CK
MITRE ATT&CK TTPs: 96 techniques

Network Information

Country: CA (Canada)
Region: Vanderhoof, British Columbia
ASN: AS852
Organization: FORTINET TECHNOLOGIES (CANADA) INC

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 19 · Confidence score: 65%

Category tags
abuse; abuseipdb; academic institutions; active scan; active scanning; adbhoney honeypot; africa; akamai; asn1; alibaba cloud; apache; apache attacker; application layer protocol; apt; apt candidate; argentina; asia; attack; australia; authentication abuse; authentication bypass; auto blocked ips; auto-blocked; auto-blocked ips; auto-generated; auto-generated security; auto-updated; automated attack; automated blocking; automated mitigation; automated scanning; automated threat response; bad reputation; bad web bot; bangladesh; banking; bde 80; bde high; bde score; bde score 80; bde score 80+; bde score analysis; bde score: 80; bde score: high; belgium; blocked; blocked-ips; bolivarian republic of; botnet; botnet activity; br ip address; br ip addresses; brand weaponization; brazil; brazil origin; brute force; brute force attack; brute force attacks; brute force attempt; brute force attempts; brute force detection; brute-force; c2; c2 communication; c2 communications; ca; ca ip; ca ip address; ca ip addresses; canada; china; china origin; china-based ips; cisco attack; cisco device; cisco device targeting; cisco exploitation attempts; civil services; code execution; code injection; command & control; command and control; command execution; command injection; common credential attack; commonly used port; communication protocol; communication technologies; compromise assessment; compromise indicators; compromised credentials; compromised host; compromised hosts; compromised infrastructure; conpot honeypot; consumer goods; container security; cowrie; cowrie activity; cowrie honeypot; cowrie interaction; cowrie interactions; cowrie ssh attack; cowrie ssh honeypot; credential access; credential attack; credential brute-forcing; credential stuffing; credential-harvesting; credit card services; cryptocurrency; cryptocurrency threats; cryptojacking; cta; cuba; curl; cve; cyber threats; data encryption; data exfiltration; data exfiltration attempts; data store exposure; database attack; database login attempt; database security; dcerpc; ddos; ddos attack; ddos attacks; ddos preparation; ddospot; de ip; de ip address; de ip addresses; decoy system; denial of service; device management; dionaea; dionaea activity; dionaea capture; dionaea honeypot; dionaea interactions; dionaea malware collection; distributed attack; distributed attacks; dns; dns attack; docker; dugganusa threat intelligence; education; educational resources; educational services; educational technology; elasticpot honeypot; elasticsearch; elasticsearch monitoring; electronic health records; encryption; energy; energy distribution; enterprise networking; entity; enumeration; env-hunting; europe; europe/asia; exfiltration; exploit; exploit attempts; exploit probing; exploit targeting; exploitation; exploitation activity; exploitation attempt; exploitation attempts; exploited host; external attack; external communication; external remote services; external threat; extortion; fatt; fatt analysis; fatt signatures; finance; finance and insurance; financial services; financial technology; finland; fr ip; fr ip address; fr ip addresses; fr ips; france; ftp; ftp attacks; ftp brute force; galah; geo-distributed; geographic diversity; geographically diverse; geographically diverse attacks; geographically diverse ips; geoip; geolocated ip addresses; germany; ghost; github; global attack; global ip distribution; global threat; global threat activity; global threat landscape; glutton; google; gopot; government technology; hacking; hajime; health care and social assistance; health information technology; healthcare information systems; hellpot; heralding activity; heralding behavior; high bde score; high confidence; high confidence threat; high risk; high risk ip; high threat potential; high threat score; higher education; hk ip; hk ip address; hk ip addresses; honeynet connect; honeytrap activity; honeytrap honeypot; honeytrap interactions; hong kong; hospital management; http brute force; http probing; http scanner; http scanning; https; iceland; icmp; ics security; identity & access exploitation; imap; imap brute force; in ip addresses; india; indicator; indonesia; industrial control systems; information technology; infostealer; initial access; injection activity; injection attacks; internet of things; internet-facing; intrusion detection; ioc; iocs; iocs: 50 ips; iocs: ip addresses; iot botnet; iot security; iot/ics attack; ipphoney honeypot; iraq; ireland; isp-reputation; it infrastructure; italy; japan; k-12 education; kenya; kg ip; kibana; korea; korea, republic of; kyrgyzstan; lamp; lamp attack; lamp exploitation attempts; lamp stack targeting; lamp vulnerability scanning; lateral movement; level3; lithuania; log analysis; log4pot; login attempt; login attempts; mailoney activity; mailoney honeypot; mailoney interactions; malicious activity; malicious communication; malicious ip activity; malicious ips; malicious network activity; malicious software; malicious ssh activity; malicious traffic; malware; malware analysis; malware behaviour; malware c2; malware capture; malware communication; malware delivery; malware distribution; malware download; malware indicators; malware traffic; media; medical services; medpot; mexico; mini; mirai botnet; mitre-attack; mobile carriers; mobile networks; morocco; mozi; mssql; multi-country origin; multiple countries; multiple geolocation ips; multiple geolocation sources; multiple origins; nepal; netherlands; network; network activity; network anomalies; network anomaly; network attacks; network discovery; network enumeration; network exploitation; network infrastructure; network intrusion; network intrusion attempt; network intrusion attempts; network intrusion detection; network probe; network probing; network protocol; network reconnaissance; network scanning; network security; network service scanning; network threat; network traffic; network traffic analysis; new zealand; nginx; nl ip address; nl ip addresses; north america; norway; oceania; oil & gas; opencti; opportunistic threat; originating ips; p0f; p0f os fingerprinting; p0f signatures; password attack; password attacks; password spraying; patient care; pattern-32; pattern-38; payment processing; phishing; phishing attack; phishing trap; pl ip address; pl ip addresses; please; poland; possible botnet; possible botnet activity; possible brute force; possible malware distribution; possible reconnaissance; possible reconnaissance activity; potential botnet activity; potential compromise; potential exploitation; potential initial access; potential intrusion; potential intrusion attempts; potential lateral movement; potential malware; potential malware distribution; potential malware infection; potential reconnaissance activity; potential threat; potential threat actor; potential threat actors; power generation; power systems; process injection; protocol exploitation; proton; proxy; proxy access; public administration; public infrastructure; public policy; public url; ransomware; reconnaissance; reconnaissance activity; redis honeypot; regulatory agencies; remote access; remote access attempt; remote access attempts; remote services; renewable energy; republic of; research; researched; residential proxy; resource hijacking; retail trade; romania; russia; russia ip; scan; scanner; scanning activity; scanning and reconnaissance; scheduled task; scripting attacks; security event; security monitoring; security operations; sensor-tagged; sentrypeer activity; sentrypeer botnet; sentrypeer detection; sentrypeer interactions; serbia; server exploitation; service scan; seznam; sftp access attempt; sftp activity; sftp attack; shell access; shell access attempt; singapore; singapore ip; sip attacks; sip brute force; sip scanning; sipp; smb brute force; smb scanning; smtp; smtp attacks; smtp brute force; smtp probing; smtp scanning; snare; socradar; software development; software exploitation; south africa; south america; spam; sql injection; ssh; ssh attack; ssh attacks; ssh monitoring; ssh-brute; ssl certificate; ssl certificate enrichment; ssl-enrichment; ssl/tls; ssl/tls enrichment; stealc; stix 2.1; stix-2.1; supply chain attack; supply-chain; suricata alert; suricata alerts; suspected botnet; suspected threat actor; sweden; system access; system discovery; system disruption; t1003; t1005; t1016; t1016.001; t1018; t1020; t1021; t1021.001; t1021.002; t1021.003; t1021.004; t1021.005; t1021.006; t1027; t1036.006; t1040; t1041; t1046; t1047; t1053; t1053.005; t1055; t1056; t1059; t1059.001; t1059.003; t1059.004; t1059.005; t1059.007; t1068; t1071; t1071.001; t1071.004; t1076; t1077; t1078; t1078.001; t1078.002; t1078.004; t1083; t1087; t1090; t1102; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1136.001; t1140; t1187; t1190; t1195.002; t1199; t1203; t1204.001; t1204.002; t1486; t1490; t1496; t1497; t1499.001; t1499.002; t1499.003; t1505.002; t1547.001; t1550; t1550.002; t1550.003; t1555; t1555.003; t1563; t1565; t1566; t1566.001; t1568; t1573; t1573.001; t1573.002; t1583.006; t1585; t1586; t1588; t1588.002; t1588.004; t1588.006; t1589; t1590; t1592; t1592.004; t1595; t1595.001; t1595.002; t1595.003; taiwan; tanner; tanner activity; tanner http honeypot; tanner interactions; targeting database; tcp protocol; tcp scan; tcp scanning; tcp/80; team cymru; telecom; telecom services; telecommunications; telnet threat; tencent; threat actor; threat detection; threat intel; threat intelligence; threat intelligence feed; threat-intel; threat-intelligence; tor node; tpot; tpotce; traffic analysis; tsec; twitter; udp scan; ukraine; unauthorized access; unauthorized access attempt; unauthorized access attempts; unauthorized login attempt; united kingdom; united states; us; us ip address; us ip addresses; us origin; uzbekistan; valid accounts; venezuela, bolivarian republic of; vnc protocol; voip; voip attack; vulnerability; vulnerability scan; wealth management; web app attack; web application attack; web application scanning; web attack; web exploit; web exploitation; web login attempt; web protocols; web scanner; web server attacks; web shell; web shell upload; web spam; web traffic; wget; win32 malware; windows malware; wordpot

Activity Timeline: 1 total observation (Jun 12)

Threat Activity Heatmap · Peak: 2026-06-12 (weekday-by-month grid, Jun through the following Jun; a single observed day)

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: 65 (Medium Risk)
Signal Score: 65
Confidence: 65%
Reports: 19
First seen: Sep 7, 2020
Last seen: Jun 12, 2026
Geolocation: CA (Canada), Vanderhoof, British Columbia
ASN: AS852 (FORTINET TECHNOLOGIES (CANADA) INC)
Coords: 49.2663, -122.9526
Category: Proxy

VirusTotal

Not checked

WHOIS

Description: Observed on T-Pot within last 24h; sensors=p0f, wordpot; threshold?1; private IPs excluded. geo=CA; ports=80,8080 Location=Sydney, Australia.
Raw: TELUS Communications Inc. TAC-BLK3 (NET-207-102-0-0-1) 207.102.0.0 - 207.102.255.255 FORTINET TECHNOLOGIES (CANADA) INC FORTINET-TECHNOLOGIES-CANADA-INC (NET-207-102-138-0-1) 207.102.138.0 - 207.102.138.255
References:
https://github.com/telekom-security/tpotce, https://redpiranha.net, https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1, https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c, https://n0paste.eu/UH6n5pD/, https://www.virustotal.com/graph/g52f3b9b3bd644aad844902176548153bcd220b1271af454baebded0e7faebe6a, https://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark, https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/iocs, https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/graph, https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/summary, https://asnlookup.com/asn/AS852/, https://viz.greynoise.io/analysis/7a369df9-bcbf-4540-ad0f-6d52c0c55cdb, https://www.virustotal.com/graph/embed/gbe89575feac440f0b831e98562c12d0534475b1006e54221acffc624919deef7?theme=dark, https://urlscan.io/search/#page.asn%3AAS852, https://viz.greynoise.io/analysis/8be38b3f-73d9-4f4c-bb64-508ee329596e, https://dnschecker.org/asn-whois-lookup.php?query=AS852, https://mxtoolbox.com/SuperTool.aspx?action=asn%3aAS852&run=toolpage, https://viz.greynoise.io/query/AS852, https://viz.greynoise.io/query/AS852%20classification:%22malicious%22, https://ipinfo.io, https://viz.greynoise.io/analysis/1ba1e524-0d96-4cc6-9426-d01abbe75443, https://bgp.tools/as/852, https://www.ipvoid.com/whois/, https://urlscan.io/search/#asn%3A%22AS852%22, https://dnschecker.org/asn-whois-lookup.php?query=852, https://leakix.net/search?scope=leak&q=telus.com, http://ci-www.threatcrowd.org/domain.php?domain=telus.com, https://intelx.io/?s=telus.com, https://whiteintel.io/, https://inteltechniques.com/tools/Domain.html, https://informationlaundromat.com/content-search, https://urlhaus.abuse.ch/asn/852, https://bgp.he.net/AS852#_prefixes, 
https://dnstwist.it/#9966d7b4-2d66-4349-9129-21d2adc26c89, https://urlscan.io/search/#asn:%22AS852%22, 08.05.24 - https://viz.greynoise.io/query/AS852, https://urlscan.io/asn/AS852, https://www.telus.com/en/ab/outages?INTCMP=contactus_outage_AB_V2, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/66b3cdc9971b263122bd14db, counter.txt

IOC Journey

Confidence: medium · First detected 5 years ago · Last seen 12 days ago · Appeared in 19 threat reports