IOC Radar
IP · Medium · Signal 56/100

45.33.12.214

Location: United States (Richardson, Texas)
ASN: AS63949 (Linode)
First Seen: Apr 29, 2025 (423d ago)
Last Seen: Jun 15, 2026 (11d ago)
Reports: 19 source reports
Confidence: 56% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 56%
Signal Score: 56 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

65 techniques

Network Information

Country: US (United States)
Region: Richardson, Texas
ASN: AS63949
Organization: Linode

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 19
Confidence score: 56%

Activity Timeline

1 total obs (Jun 15 to Jun 15)

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 56
Confidence: 56%
Reports: 19
First seen: Apr 29, 2025
Last seen: Jun 15, 2026
Geolocation: US
Country: United States
Location: Richardson, Texas
ASN: AS63949
Org: Linode
Coords: 32.9483, -96.7299
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Paris (France) honeypot

IOC Journey

medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 19 threat reports