IOC Radar
IP · Medium · Signal 61/100

146.59.95.254

Location: Poland (Warsaw, Mazowieckie)
ASN: AS16276 (OVH Sp. z o. o)
First Seen: Oct 8, 2024 (625d ago)
Last Seen: Jun 3, 2026 (22d ago)
Reports: 31 source reports
Confidence: 61% (medium)
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

63 techniques

Network Information

Country: PL (Poland)
Region: Warsaw, Mazowieckie
ASN: AS16276
Organization: OVH Sp. z o. o

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 31
Confidence score: 61%
Category tags

Activity Timeline

1 total obs
Jun 3 - Jun 3

Threat Activity Heatmap

Peak: 2026-06-03
[Heatmap: activity by day of week, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 31
First seen: Oct 8, 2024
Last seen: Jun 3, 2026
Geolocation: PL
Country: Poland
Location: Warsaw, Mazowieckie
ASN: AS16276
Org: OVH Sp. z o. o
Coords: 48.8582, 2.3387
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 146.59.92.0 - 146.59.95.255
netname: VPS-WAW2
country: PL
org: ORG-OS23-RIPE
geoloc: 52.225524 21.049737
admin-c: OTC12-RIPE
tech-c: OTC12-RIPE
status: LEGACY
mnt-by: OVH-MNT
created: 2022-02-24T11:12:50Z
last-modified: 2022-02-24T11:12:50Z
source: RIPE

organisation: ORG-OS23-RIPE
org-name: OVH Sp. z o. o.
org-type: OTHER
address: ul. Swobodna 1
address: 50-088 Wroclaw
address: Poland
admin-c: OTC2-RIPE
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2005-09-02T12:40:01Z
last-modified: 2019-08-08T07:47:57Z
source: RIPE # Filtered

role: OVH PL Technical Contact
address: OVH Sp. z o. o.
address: ul. Swobodna 1
address: 54-088 Wroclaw
address: Poland
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC12-RIPE
abuse-mailbox: [email protected]
mnt-by: OVH-MNT
created: 2009-09-16T16:09:56Z
last-modified: 2019-08-08T07:50:01Z
source: RIPE # Filtered

route: 146.59.0.0/17
origin: AS16276
mnt-by: OVH-MNT
created: 2020-06-09T16:08:19Z
last-modified: 2020-06-09T16:08:19Z
source: RIPE
references
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/bruteforce-ip-list-2025-07-23/
https://jamesbrine.com.au
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

medium
First detected 1 year ago · Last seen 22 days ago
Appeared in 31 threat reports