IOC Radar
IPMediumSignal 54/100

167.99.157.173

Location
United StatesUnited States
North Bergen, NJ
ASN
AS14061
Digital Ocean
First Seen
Feb 24, 2026
Last Seen
Jun 7, 2026
Feb 24
First Seen
110d ago
Jun 7
Last Seen
8d ago
7
Reports
source reports
54%
Confidence
medium
2/91
VirusTotal
detections
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

21 techniques

Network Information

CountryUSUnited States
RegionNorth Bergen, NJ
ASNAS14061
OrganizationDigital Ocean

Feed Intelligence Summary

7 reports54% confidence
7
Source reports
54%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningattackauthentication failureautomated attack activitybad reputationbad web botbotnet activitybrute forcebrute force attackbrute force attackerbrute-forcebruteforceciscocloud computingcloud infrastructurecloud infrastructure attackcloud migrationcloud securitycloud servicescloud storagecommand executionconpotcowriecowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdigital oceandionaeadionaea honeypotemailexploitation activityexploited hostftpftp brute forcehackinghoneytrap honeypothttp/sidentity & access exploitationindicatorinitial access attemptsinjection activityiot securityiot targetedlamplamp attackmalicious activitymalwaremalware behaviourmalware capturemulti-cloud managementnetworknetwork probingnetwork scanningnetwork securitynorth americapassword attackpassword attacksphishingportscanpossible malware distributionprotocol exploitationreconnaissanceredisredishoneypotresearchedresource hijackingscannerscannersscanning activityserver exploitationservice scansftpsftp attacksipsql injectionsshssh attackssh monitoringt1021t1040t1041t1059t1059.003t1059.005t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1496t1505.002t1505.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotunauthorized access attemptunited statesusus source ipvultrweb application attacksweb application scanning

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
54
SIGNAL
Signal Score
54%
Confidence
7
Reports
First seenFeb 24, 2026
Last seenJun 7, 2026
GeolocationUS
CountryUnited States
LocationNorth Bergen, NJ
ASNAS14061
OrgDigital Ocean
Coords40.7930, -74.0247

VirusTotal

2/ 91vendors flagged
2% detection rateJun 7, 2026

WHOIS

description
IPv4 hosts detected attempting to brute force REDIS on Vultr Tokyo (Japan) honeypot
raw
NetRange: 167.99.0.0 - 167.99.255.255 CIDR: 167.99.0.0/16 NetName: DIGITALOCEAN-167-99-0-0 NetHandle: NET-167-99-0-0-1 Parent: NET167 (NET-167-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2017-11-10 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/167.99.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://jamesbrine.com.au/digitaloceantoronto-redis-bruteforce-ip-list-2026-04-21/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-19/, https://jamesbrine.com.au/vultrtokyo-redis-bruteforce-ip-list-2026-04-19/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-redis-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-01/, https://jamesbrine.com.au/digitaloceanlondon-redis-bruteforce-ip-list-2026-03-01/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-01/, ip_iocs.csv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 months ago · Last seen 8 days ago
Appeared in 7 threat reports