IOC Radar
IPMediumSignal 28/100

161.35.101.121

Location
United StatesUnited States
North Bergen, NJ
ASN
AS14061
DigitalOcean, LLC
First Seen
Feb 6, 2025
Last Seen
Apr 6, 2026
Feb 6
First Seen
501d ago
Apr 6
Last Seen
77d ago
9
Reports
source reports
28%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
28%
Signal Score
28 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

CountryUSUnited States
RegionNorth Bergen, NJ
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

9 reports28% confidence
9
Source reports
28%
Confidence score
Category tags
abuseaccessactionactive scanactive scanningadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attacksbrute force attemptscommand and controlcommunication protocolconfigconnectcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingcssctadata exfiltrationdata store exposuredatabase attackdatabase securitydecoy systemdionaeadionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemailexecutable fileexploitexploit attemptsexploitation activityftpftp brute forcegithubgroupshoneytrap honeypotidentity & access exploitationindicatorinfoinitial accessinjection activityiot securitylamplamp exploitation attemptslamp stack targetinglinuxmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware hostingnetworknetwork activitynetwork attacksnetwork intrusion attemptsnetwork reconnaissancenetwork scanningnetwork securitynorth americapassword attackphishingphishing attackphishing trappingpotential malware distributionprocess injectionprotocol exploitationpythonransomwarereconnaissanceredis honeypotredishoneypotresearchedresource hijackingscannerscanning activityscriptself-signedsentrypeer botnetserverserver exploitationsftpsftp attacksipsip brute forcesip enumerationsip scanningsip vulnerability scanningslugsmtp brute forcesocial engineeringsocradar honeypotsql injectionsshssh attackssh monitoringsurface webt1016t1018t1021t1021.002t1040t1041t1046t1053t1053.005t1055t1059t1059.001t1059.003t1059.004t1068t1071.001t1078t1110t1110.002t1133t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1555t1565t1566.001t1566.002t1566.003t1566.004t1583t1588t1589t1590t1595t1595.001t1595.002t1595.003tannertargeting databasetcptcp protocoltcp/3306telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodeunited statesunited states of americausvoipvoip attackvulnerability scan

Activity Timeline

1 total obs
Apr 6Apr 6

Threat Activity Heatmap

· Peak: 2026-04-06
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
28
SIGNAL
Signal Score
28%
Confidence
9
Reports
First seenFeb 6, 2025
Last seenApr 6, 2026
GeolocationUS
CountryUnited States
LocationNorth Bergen, NJ
ASNAS14061
OrgDigitalOcean, LLC
Coords40.7930, -74.0247

VirusTotal

Not checked

WHOIS

description
2025-02-06T21:51:47.311Z Honeypot : Dionaea : Source: 161.35.101.121 : Port: 3306 Connection: {'transport': 'tcp', 'type': 'accept', 'protocol': 'mysqld'}
raw
NetRange: 161.35.0.0 - 161.35.255.255 CIDR: 161.35.0.0/16 NetName: DIGITALOCEAN-161-35-0-0 NetHandle: NET-161-35-0-0-1 Parent: NET161 (NET-161-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2019-07-30 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/161.35.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports