IP · Medium · Signal 46/100
137.184.179.27
Location
Santa Clara, California
ASN
AS14061
Digital Ocean
First Seen
Dec 5, 2024
Last Seen
Apr 7, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
46%
Signal Score
46 / 100
IDS Rule
No
Network Information
Country
United States
Region
Santa Clara, California
ASN
AS14061
Organization
Digital Ocean
IP Category
VPN
VPN exit node
Feed Intelligence Summary
Source reports
19
Confidence score
46%
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-04-07)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score
Medium Risk
Signal Score
46
Confidence
46%
Reports
19
First seen
Dec 5, 2024
Last seen
Apr 7, 2026
Geolocation
US
Country
United States
Location
Santa Clara, California
ASN
AS14061
Org
Digital Ocean
Coords
37.7510, -97.8220
VPN
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=cowrie, fatt, p0f, suricata; threshold?1; private IPs excluded.
- raw
- NetRange: 137.184.0.0 - 137.184.255.255
  CIDR: 137.184.0.0/16
  NetName: DIGITALOCEAN-137-184-0-0
  NetHandle: NET-137-184-0-0-1
  Parent: NET137 (NET-137-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: DigitalOcean, LLC (DO-13)
  RegDate: 2019-11-13
  Updated: 2025-03-03
  Comment: Routing and Peering Policy can be found at https://www.as14061.net
  Comment:
  Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
  Ref: https://rdap.arin.net/registry/ip/137.184.0.0
  OrgName: DigitalOcean, LLC
  OrgId: DO-13
  Address: 105 Edgeview Drive, Suite 425
  City: Broomfield
  StateProv: CO
  PostalCode: 80021
  Country: US
  RegDate: 2012-05-14
  Updated: 2025-04-11
  Ref: https://rdap.arin.net/registry/entity/DO-13
  OrgTechHandle: NOC32014-ARIN
  OrgTechName: Network Operations Center
  OrgTechPhone: +1-646-827-4366
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
  OrgAbuseHandle: DIGIT19-ARIN
  OrgAbuseName: DigitalOcean Abuse
  OrgAbusePhone: +1-646-827-4366
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
  OrgNOCHandle: NOC32014-ARIN
  OrgNOCName: Network Operations Center
  OrgNOCPhone: +1-646-827-4366
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
- references
- https://jamesbrine.com.au/bruteforce-ip-list-2025-08-06/
- https://jamesbrine.com.au
- https://purplesynapz.com/
- https://feeds.dshield.org/feeds/topips.txt
- https://feeds.dshield.org/feeds/top10.txt
- https://feeds.dshield.org/feeds/block.txt
- https://github.com/telekom-security/tpotce
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
- https://github.com/tankmek/threatfeed
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- https://blocklist.greensnow.co/greensnow.txt
- https://www.binarydefense.com/banlist.txt
- https://lists.blocklist.de/lists/all.txt
- https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 19 threat reports