IOC Radar
IPMediumSignal 79/100

159.223.110.137

Location
United StatesUnited States
North Bergen, New Jersey
ASN
AS14061
DigitalOcean, LLC
First Seen
Feb 26, 2026
Last Seen
May 27, 2026
Feb 26
First Seen
109d ago
May 27
Last Seen
18d ago
11
Reports
source reports
79%
Confidence
medium
9/91
VirusTotal
detections
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryUSUnited States
RegionNorth Bergen, New Jersey
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

11 reports79% confidence
11
Source reports
79%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningattackaustraliaautomated attackautomated threatbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute-forceciscocisco devicecisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescommunication protocolcowriecowrie attackscowrie honeypotcredential accesscredential attackscredential compromisecredential guessingcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosdecoy systemdenial of servicedevice managementdigital oceandionaeadionaea attacksdionaea honeypotencryptionenterprise networkingeuropeexploitexploit attemptsexploitationexploitation activityexploited hostexternal access attemptsfattfranceftpftp brute forcehackinghoneytrap datahoneytrap honeypothttp scannerhttp/shttpsidentity & access exploitationindicatorinitial access activityinjection activityintrusion detectionipv4lamplamp attacklamp exploitation attemptslamp stack targetinglateral movementlinux systemsmailoney honeypotmalicious activitymalicious activity detectedmalicious softwaremalwaremalware behaviourmalware capturemalware delivery attemptnetworknetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork servicesnetwork traffic analysisnorth americaoceaniap0fpassword attacksperimeter securityphishingphishing attackphishing trapportscanpossible malware distributionprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingscannerscannersscanning activityscripting attackssensor-taggedsentrypeer botnetsentrypeer detectionserver exploitationserver securityservice scansftpsftp attacksipsip scanningsmtpsql injectionsshssh attackssh monitoringsystem accesst-pott1021t1021.001t1021.002t1040t1041t1046t1055t1059t1059.003t1059.004t1059.007t1071.001t1076t1077t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1486t1496t1499.001t1499.002t1505.002t1563t1565t1590.006t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat feedthreat intelligencetor nodetpotunauthorized access attemptunited statesunknown threat actorusvoipvoip attackvulnerability scanvultrweb app attackweb application attackweb application scanningweb attackweb attacksweb exploitweb exploitationweb traffic

Activity Timeline

1 total obs
May 27May 27

Threat Activity Heatmap

· Peak: 2026-05-27
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
79
SIGNAL
Signal Score
79%
Confidence
11
Reports
First seenFeb 26, 2026
Last seenMay 27, 2026
GeolocationUS
CountryUnited States
LocationNorth Bergen, New Jersey
ASNAS14061
OrgDigitalOcean, LLC
Coords37.7510, -97.8220

VirusTotal

9/ 91vendors flagged
10% detection rateJun 8, 2026

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
NetRange: 159.223.0.0 - 159.223.255.255 CIDR: 159.223.0.0/16 NetName: DO-13 NetHandle: NET-159-223-0-0-1 Parent: NET159 (NET-159-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2020-11-03 Updated: 2020-11-03 Ref: https://rdap.arin.net/registry/ip/159.223.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-26/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-12/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-06/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-05/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-01/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-20/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-28/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 months ago · Last seen 18 days ago
Appeared in 11 threat reports