IOC Radar
IPMediumSignal 45/100

212.102.46.44

Location
United StatesUnited States
Seattle, WA
ASN
AS60068
CDN77 Seattle
First Seen
Jan 18, 2022
Last Seen
May 30, 2026
Jan 18
First Seen
1607d ago
May 30
Last Seen
14d ago
18
Reports
source reports
45%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

69 techniques

Network Information

CountryUSUnited States
RegionSeattle, WA
ASNAS60068
OrganizationCDN77 Seattle

Feed Intelligence Summary

18 reports45% confidence
18
Source reports
45%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningapacheapache attackerattackbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute-forceciscocisco asacisco devicecisco device targetedcivil servicescommand and controlcommunication protocolcowriecowrie activitycowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea activitydionaea honeypotdistributed attacksenterprise networkingexecutable fileexploitexploit attemptexploitation activityexploited hostgovernment technologyhackinghoneytrap honeypothttphttp scanneridentity & access exploitationinformation technologyinjection activityinjection attacksintrusion detectionit infrastructurelamplamp stacklamp stack targetinglinuxmalicious activitymalicious ipmalicious softwaremalwaremalware behaviourmalware capturemalware download attemptsmysqlnetworknetwork attacksnetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork scanningnetwork securitynetwork service scanningnorth americapassword attacksphishingphpprocess injectionproxypublic administrationpublic infrastructurepublic policyreconnaissanceregulatory agenciesresearchedscannerscripting languagesecurity policyserver exploitationservice scansftpsftp attacksftp attackssoftware developmentspamsqlsql injectionsshssh attackssh monitoringt1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1071.004t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1565t1588t1588.002t1588.003t1588.004t1590t1590.001t1590.002t1590.003t1590.004t1591t1591.001t1591.002t1592t1592.001t1592.002t1592.003t1592.004t1594t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.002t1596.003t1596.004t1596.005t1598t1598.001t1598.003t1598.004targeting databasetcptcp protocolthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotunited statesusvulnerability scanvulnerability-exploitationweb app attackweb application attackweb application attacksweb application exploitationweb developmentweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
May 30May 30

Threat Activity Heatmap

· Peak: 2026-05-30
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
45
SIGNAL
Signal Score
45%
Confidence
18
Reports
First seenJan 18, 2022
Last seenMay 30, 2026
GeolocationUS
CountryUnited States
LocationSeattle, WA
ASNAS60068
OrgCDN77 Seattle
Coords47.6144, -122.3447

VirusTotal

Not checked

WHOIS

description
Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 212.102.46.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).
raw
NetRange: 212.0.0.0 - 212.255.255.255 CIDR: 212.0.0.0/8 NetName: RIPE-NCC-212 NetHandle: NET-212-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 1997-11-14 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/212.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 14 days ago
Appeared in 18 threat reports