IP · Medium · Signal 76/100
137.184.13.100
Location: Santa Clara, California
ASN: AS14061, Digital Ocean
First Seen: Oct 24, 2022
Last Seen: Jun 12, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 76%
Signal Score: 76 / 100
IDS Rule: No
Network Information
Country: United States
Region: Santa Clara, California
ASN: AS14061
Organization: Digital Ocean
IP Category: Proxy (Proxy server)
Feed Intelligence Summary
Source reports: 31
Confidence score: 76%
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-12)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 76
Confidence: 76%
Reports: 31
First seen: Oct 24, 2022
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS14061
Org: Digital Ocean
Coords: 37.7510, -97.8220
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw
- NetRange: 137.184.0.0 - 137.184.255.255
  CIDR: 137.184.0.0/16
  NetName: DIGITALOCEAN-137-184-0-0
  NetHandle: NET-137-184-0-0-1
  Parent: NET137 (NET-137-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS14061
  Organization: DigitalOcean, LLC (DO-13)
  RegDate: 2019-11-13
  Updated: 2025-03-03
  Comment: Routing and Peering Policy can be found at https://www.as14061.net
  Comment:
  Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
  Ref: https://rdap.arin.net/registry/ip/137.184.0.0

  OrgName: DigitalOcean, LLC
  OrgId: DO-13
  Address: 105 Edgeview Drive, Suite 425
  City: Broomfield
  StateProv: CO
  PostalCode: 80021
  Country: US
  RegDate: 2012-05-14
  Updated: 2025-04-11
  Ref: https://rdap.arin.net/registry/entity/DO-13

  OrgAbuseHandle: DIGIT19-ARIN
  OrgAbuseName: DigitalOcean Abuse
  OrgAbusePhone: +1-646-827-4366
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN

  OrgNOCHandle: NOC32014-ARIN
  OrgNOCName: Network Operations Center
  OrgNOCPhone: +1-646-827-4366
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

  OrgTechHandle: NOC32014-ARIN
  OrgTechName: Network Operations Center
  OrgTechPhone: +1-646-827-4366
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
- references
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-20/
- https://jamesbrine.com.au
- https://jamesbrine.com.au/vultrtokyo-ftp-bruteforce-ip-list-2026-04-19/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-19/
- https://jamesbrine.com.au/vultrtokyo-mssql-bruteforce-ip-list-2026-04-18/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-18/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-17/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-16/
- https://jamesbrine.com.au/vultrtokyo-mssql-bruteforce-ip-list-2026-04-15/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-15/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-14/
- https://jamesbrine.com.au/vultrtokyo-mssql-bruteforce-ip-list-2026-04-13/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-13/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-12/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-11/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-10/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-09/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-08/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-08/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-07/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-07/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-06/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-06/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-05/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-05/
IOC Journey
medium · First detected 3 years ago · Last seen 14 days ago
Appeared in 31 threat reports