IOC Radar
IP · Medium · Signal 38/100

161.35.0.118

Location: United States, North Bergen, NJ
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Feb 19, 2025 (479d ago)
Last Seen: Apr 19, 2026 (55d ago)
Reports: 13 source reports
Confidence: 38% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 38%
Signal Score: 38 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

60 techniques

Network Information

Country: US (United States)
Region: North Bergen, NJ
ASN: AS14061
Organization: DigitalOcean, LLC

Feed Intelligence Summary

Source reports: 13
Confidence score: 38%
Category tags

Activity Timeline

1 total obs, Apr 19

Threat Activity Heatmap

Peak: 2026-04-19
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 13
First seen: Feb 19, 2025
Last seen: Apr 19, 2026
Geolocation: US
Country: United States
Location: North Bergen, NJ
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 40.7930, -74.0247

VirusTotal

Not checked

WHOIS

description
2025-09-06T08:10:00.000Z Honeypot : Redishoneypot : Source: 161.35.0.118 : Port: 6379 Action: Closed Message:
raw
NetRange: 161.35.0.0 - 161.35.255.255
CIDR: 161.35.0.0/16
NetName: DIGITALOCEAN-161-35-0-0
NetHandle: NET-161-35-0-0-1
Parent: NET161 (NET-161-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2019-07-30
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/161.35.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 105 Edgeview Drive, Suite 425
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 2012-05-14
Updated: 2025-04-11
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-646-827-4366
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-646-827-4366
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 13 threat reports