IP · Medium · Signal 62/100
122.166.49.42
Location
Bengaluru, Karnataka
ASN
AS24560
ABTS (Karnataka)
First Seen
Dec 3, 2023
Last Seen
Jun 7, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Network Information
Country
India
Region
Bengaluru, Karnataka
ASN
AS24560
Organization
ABTS (Karnataka)
Feed Intelligence Summary
29 source reports
62% confidence score
Category tags
Activity Timeline
Jun 7
Threat Activity Heatmap
Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Geolocation
IN
Coords
12.9753, 77.5910
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SSH on DigitalOcean Toronto (CA) honeypot
IOC Journey
Medium · First detected 2 years ago · Last seen 6 days ago
Appeared in 29 threat reports