IOC Radar
IPMediumSignal 62/100

71.210.6.29

Location
United StatesUnited States
Youngsville, Virginia
ASN
AS19901
CenturyLink Communications, LLC
First Seen
Apr 15, 2026
Last Seen
Apr 24, 2026
Apr 15
First Seen
61d ago
Apr 24
Last Seen
52d ago
8
Reports
source reports
62%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

7 techniques

Network Information

CountryUSUnited States
RegionYoungsville, Virginia
ASNAS19901
OrganizationCenturyLink Communications, LLC

Feed Intelligence Summary

8 reports62% confidence
8
Source reports
62%
Confidence score
Category tags
active scanactive scanningaptbrute forcebrute force attackcredential accesscredential stuffingexploitation activityidentity & access exploitationindicatornetworknorth americapassword attacksreconnaissanceresearchedscannerssh attackt1110.001t1110.002t1110.003t1110.004t1595.001t1595.002t1595.003threat actortor nodeunited states

Activity Timeline

1 total obs
Apr 24Apr 24

Threat Activity Heatmap

· Peak: 2026-04-24
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
8
Reports
First seenApr 15, 2026
Last seenApr 24, 2026
GeolocationUS
CountryUnited States
LocationYoungsville, Virginia
ASNAS19901
OrgCenturyLink Communications, LLC
Coords36.8508, -76.2859

VirusTotal

Not checked

WHOIS

description
The following is the full list of names given to Vye32GsS2g38eKhmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA
raw
NetRange: 71.208.0.0 - 71.223.255.255 CIDR: 71.208.0.0/12 NetName: CENTURYLINK-LEGACY-QWEST-INET-118 NetHandle: NET-71-208-0-0-1 Parent: NET71 (NET-71-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: CenturyLink Communications, LLC (CCL-534) RegDate: 2005-05-06 Updated: 2018-10-04 Ref: https://rdap.arin.net/registry/ip/71.208.0.0 OrgName: CenturyLink Communications, LLC OrgId: CCL-534 Address: 100 CENTURYLINK DR City: Monroe StateProv: LA PostalCode: 71201 Country: US RegDate: 2018-07-12 Updated: 2024-06-17 Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY: Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html Comment: Comment: ADDRESSES COVERED BY THIS ORG-ID ARE NON-PORTABLE ANY ISP ANNOUNCING OR TRANSITING PORTIONS WITHIN OUR RANGES SHOULD NOT RELY ON PRESENTED LOA'S OR OLD WHOIS UNLESS THOSE RANGES ARE ALSO ACTIVELY DIRECTLY ANNOUNCED TO A LUMEN ASN. WITH ALL LOA'S THESE CONDITIONS APPLY: Comment: Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden. Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering. Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so. Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination. Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met. Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html Comment: Comment: Our looking glass is located at: https://lookingglass.centurylink.com/ Comment: Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page: Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html Comment: Comment: For abuse issues, please email [email protected] Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/CCL-534 OrgTechHandle: QIA-ARIN OrgTechName: Centurylink IP Admin OrgTechPhone: +1-877-886-6515 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/QIA-ARIN OrgAbuseHandle: CAD54-ARIN OrgAbuseName: Centurylink Abuse Desk OrgAbusePhone: +1-877-886-6515 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAD54-ARIN OrgRoutingHandle: RPKIR-ARIN OrgRoutingName: RPKI-ROA OrgRoutingPhone: +1-877-886-6515 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/RPKIR-ARIN

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 1 month ago
Appeared in 8 threat reports