IOC Radar
IP · Medium · Signal 64/100

167.99.149.55

Location: North Bergen, NJ, United States
ASN: AS14061 (Digital Ocean)
First Seen: Jul 30, 2025 (319d ago)
Last Seen: Jun 2, 2026 (12d ago)
Reports: 24 source reports
Confidence: 64% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 68 techniques

Network Information

Country: US (United States)
Region: North Bergen, NJ
ASN: AS14061
Organization: Digital Ocean

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 24
Confidence score: 64%

Activity Timeline

1 total observation, Jun 2 to Jun 2

Threat Activity Heatmap

Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Geolocation coordinates: 40.7930, -74.0247
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=US; ports=53 Location=Sydney, Australia.
raw
NetRange: 167.99.0.0 - 167.99.255.255
CIDR: 167.99.0.0/16
NetName: DIGITALOCEAN-167-99-0-0
NetHandle: NET-167-99-0-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2017-11-10
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/167.99.0.0

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 105 Edgeview Drive, Suite 425
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 2012-05-14
Updated: 2025-04-11
Ref: https://rdap.arin.net/registry/entity/DO-13

OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-646-827-4366
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN

OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-646-827-4366
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://voidvendor.com/intel
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-26/
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-17/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-17/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-15/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-13/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-13/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-10/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-10/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-10/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-09/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-05/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-06/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-06/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-05/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-04/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-02/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-26/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-02-24/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-23/

IOC Journey

medium
First detected 10 months ago · Last seen 12 days ago
Appeared in 24 threat reports