IOC Radar
IP · Medium · Signal 63/100

45.79.115.134

Location: Fremont, California, United States
ASN: AS63949 (Linode)
First Seen: Apr 22, 2024 (793d ago)
Last Seen: Jun 19, 2026 (5d ago)
Reports: 27 source reports
Confidence: 63% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

86 techniques

Network Information

Country: US (United States)
Region: Fremont, California
ASN: AS63949
Organization: Linode

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 27
Confidence score: 63%
Category tags

Activity Timeline

1 total obs
Jun 19

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 27
First seen: Apr 22, 2024
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Fremont, California
ASN: AS63949
Org: Linode
Coords: 37.5485, -121.9890
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

IOC Journey

medium
First detected 2 years ago · Last seen 5 days ago
Appeared in 27 threat reports