IP · Medium · Signal 48/100
217.180.231.219
Location
Ankeny, IA
ASN
AS30600
HORIZON HOTELS IOWA, LLC DBA HOLIDAY INN EXPRESS AND SUITES
First Seen
May 23, 2024
Last Seen
Apr 7, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ankeny, IA
ASN
AS30600
Organization
HORIZON HOTELS IOWA, LLC DBA HOLIDAY INN EXPRESS AND SUITES
Feed Intelligence Summary
Source reports
17
Confidence score
48%
Category tags
Activity Timeline
[Timeline chart: Apr 7]
Threat Activity Heatmap
[Heatmap chart; peak: 2026-04-07]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address `217.180.231.219`, carries significant weight as it is strongly associated with malicious activities, notably the Eleven11bot malware and various DDoS campaigns. Its identification in our environment would signal a high-severity threat, potentially indicating an ongoing or attempted compromise involving unauthorized access, resource hijacking, or denial of service attacks. The widespread reporting of this IP across numerous threat intelligence …
Geolocation
US
Country
United States
Location
Ankeny, IA
ASN
AS30600
Org
HORIZON HOTELS IOWA, LLC DBA HOLIDAY INN EXPRESS AND SUITES
Coords
41.5516, -90.5017
VirusTotal
Not checked
WHOIS
- description
- dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
- raw
- Metronet CINER-3 (NET-217-180-192-0-1) 217.180.192.0 - 217.180.255.255 HORIZON HOTELS IOWA, LLC DBA HOLIDAY INN EXPRESS AND SUITES (1832129) NET-0-217-180-231-192-27 (NET-217-180-231-192-1) 217.180.231.192 - 217.180.231.223
- references
- https://www.greynoise.io/blog/new-ddos-botnet-discovered, https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7293645864747642880-Th-L?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
IOC Journey
Medium · First detected 2 years ago · Last seen 2 months ago
Appeared in 17 threat reports