IOC Radar
IPMediumSignal 32/100

79.127.217.49

Location
United StatesUnited States
San Jose, California
ASN
AS60068
Cdn77 SJC
First Seen
Oct 26, 2024
Last Seen
May 31, 2026
Oct 26
First Seen
595d ago
May 31
Last Seen
13d ago
12
Reports
source reports
32%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
32%
Signal Score
32 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryUSUnited States
RegionSan Jose, California
ASNAS60068
OrganizationCdn77 SJC

IP Category

VPN
VPN exit node

Feed Intelligence Summary

12 reports32% confidence
12
Source reports
32%
Confidence score
Category tags
abuseaccessaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningattackauthenticationautomated attackbad reputationbad web botbankingbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebruteforcecommand and controlcommunication protocolcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingcredit card servicesczechiadata exfiltrationdata store exposureddosdecoy systemdenial of servicedionaeadistributed attacksencryptionexploitation activityfattfinancefinance and insurancefinancial servicesfinancial technologyfortiosftp brute forcegroupshackinghttp scanninghttps scanningidentity & access exploitationindicatorinformation technologyinfrastructure acquisitionreconnaissanceinjection activityipv4it infrastructuremalicious activitymalicious softwaremalwaremanualmobile threatmonthlynetworknetwork enumerationnetwork probingnetwork scanningnetwork securitynorth americap0fpassword attackpassword attackspayment processingphishingphishing attackpossible malware probingprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingscannerscanning activityscriptsecurity operationssensor-taggedsentrypeer botnetsftp attackslugsmb scanningsocial engineeringsoftware developmentssh attackssh monitoringssl vpnsurface webt1021t1021.001t1040t1041t1055t1059t1071.001t1078t1078.001t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1566.001t1566.002t1566.003t1567t1587.001t1590.001t1595t1595.001t1595.002t1595.003tannertelecommunicationstelnet threatthreat actorthreat intelligencetor nodetpotunauthorized accessunited statesunited states of americausvoipvoip attackvpnvpn ipwealth managementweb application attackweb exploitationweb scanner

Activity Timeline

1 total obs
May 31May 31

Threat Activity Heatmap

· Peak: 2026-05-31
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
32
SIGNAL
Signal Score
32%
Confidence
12
Reports
First seenOct 26, 2024
Last seenMay 31, 2026
GeolocationUS
CountryUnited States
LocationSan Jose, California
ASNAS60068
OrgCdn77 SJC
Coords50.0853, 14.4110
VPN

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=US; ports=8443 Location=Sydney, Australia.
raw
NetRange: 79.0.0.0 - 79.255.255.255 CIDR: 79.0.0.0/8 NetName: 79-RIPE NetHandle: NET-79-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2006-08-29 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/79.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 13 days ago
Appeared in 12 threat reports