IOC Radar
IP · Medium · Signal 62/100

157.245.115.125

Location
United States
Clifton, New Jersey
ASN
AS14061
DigitalOcean, LLC
First Seen
Oct 9, 2024
Last Seen
Jun 6, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

66 techniques

Network Information

Country: US (United States)
Region: Clifton, New Jersey
ASN: AS14061
Organization: DigitalOcean, LLC

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

28 source reports · 62% confidence score
Category tags

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 28
First seen: Oct 9, 2024
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Clifton, New Jersey
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 40.8302, -74.1299
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
IPV4 hosts detected attempting to brute force SSH on private honeypot

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 28 threat reports