IOC Radar
IP · Medium · Signal 61/100

157.245.55.57

Location: Singapore (Singapore, Unknown)
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Sep 27, 2025 (260d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 13 source reports
Confidence: 61% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

55 techniques

Network Information

Country: SG (Singapore)
Region: Singapore, Unknown
ASN: AS14061
Organization: DigitalOcean, LLC

Feed Intelligence Summary

Source reports: 13
Confidence score: 61%
Category tags
abuse, account compromise, active scan, active scanning, adb, adb protocol, adbhoney honeypot, and exploitation attempts, asia, attack, australia, authentication, automated attack, automated-attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, brute_force, bruteforce, cisco device, cisco exploitation attempt, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, command execution, command injection, communication protocol, compromised credentials, configuration manipulation, configuration modification, conpot honeypot, cowrie, cowrie honeypot, cowrie ssh honeypot, cowrie ssh logs, credential access, credential harvesting, credential stuffing, credential-stuffing, cron injection, data encryption, data exfiltration, data store exposure, database attack, database attacks, database scan, database security, ddos, ddos attack, decoy system, denial of service, device management, dictionary attack, digital ocean, dionaea, dionaea honeypot, directory traversal, distributed attacks, dns, dns attack, encryption, enterprise networking, europe, exploit, exploit attempt, exploit attempts, exploitation, exploitation activity, exploitation attempt, exploited host, fatt, finland, france, ftp, ftp brute force, ftp scan, generic exploit, germany, hacking, honeynet connect, honeytrap data, honeytrap honeypot, http brute force, http scanner, ics attacks, ics security, ics/scada systems, identity & access exploitation, indicator, indicators of compromise, industrial control systems, initial access, initial access attempt, injection activity, injection attacks, internet-facing service, intrusion detection, ioc, iocs, iot attacks, iot security, iot systems, iot targeted, iot/ics attack, ipphoney honeypot, ipv4, lamp, lamp server attack, lamp server targeting, lamp stack targeting, lateral movement, linux-server-attack, linux_server_attacks, login attempt, mailoney honeypot, malicious activity, malicious software, malicious-login-attempts, malware, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware installation, malware propagation, malware_activity, modbus, modbus protocol, module loading, multi-protocol network scanning, network, network attacks, network devices, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, north america, oceania, ot attacks, p0f, password attack, password attacks, password cracking, password spraying, phishing, phishing attack, phishing trap, poland, port-scanning, portscan, possible botnet activity, process injection, protocol exploitation, protocol-abuse, ransomware, rce, reconnaissance, redis, redis honeypot, remote access, remote service, remote services, replication attack, researched, resource hijacking, s7comm, s7comm protocol, scanner, scanners, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, sentrypeer detection, server exploitation, service scan, sftp activity, sftp attack, sftp protocol, sftp-attack, sg, singapore, sip brute force, sip protocol, sip scanning, slaveof, smb brute force, smtp, smtp brute force, social engineering, socradar honeypot, spam, sql injection, ssh, ssh attack, ssh key injection, ssh monitoring, ssh protocol, ssh-brute-force, t-pot, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.003, t1505.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1590, t1590.004, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, tor node, tpot, udp scan, unauthorized access attempt, unauthorized login, unauthorized-access-attempt, united states, unknown threat actor, vnc protocol, voip, voip attack, voip attacks, vulnerability scan, vultr, web application attack, web application scan, web attack, web attacks, web exploitation, web servers, web spam, web traffic, web-application-attack, web_attack

Activity Timeline

1 total observation, Jun 6 to Jun 6

Threat Activity Heatmap

Peak: 2026-06-06
[Heatmap: activity by day of week (Mon, Wed, Fri labelled) across months Jun to Jun; legend Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 13
First seen: Sep 27, 2025
Last seen: Jun 6, 2026
Geolocation: SG
Country: Singapore
Location: Singapore, Unknown
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 1.3212, 103.6950

VirusTotal

Not checked

WHOIS

Description: IPv4 hosts detected attempting to brute force REDIS on Vultr Melbourne (Australia) honeypot

IOC Journey

medium
First detected 8 months ago · Last seen 7 days ago
Appeared in 13 threat reports