IOC Radar
IPMediumSignal 57/100

172.110.223.59

Location
United StatesUnited States
Newark, New Jersey
ASN
AS47154
Dedires LLC
First Seen
Feb 21, 2026
Last Seen
Jun 14, 2026
Feb 21
First Seen
124d ago
Jun 14
Last Seen
11d ago
15
Reports
source reports
57%
Confidence
medium
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryUSUnited States
RegionNewark, New Jersey
ASNAS47154
OrganizationDedires LLC

Feed Intelligence Summary

15 reports57% confidence
15
Source reports
57%
Confidence score
Category tags
abuseactive scanactive scanningaptasiaattackauthenticationauthentication_attackbad reputationblocklistblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptsbrute-forcebruteforcec2command & controlcommand and controlcommunication protocolcompromised hostcowriecowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposureddosddos attackdecoy systemdenial of servicedigital oceandionaeadionaea honeypotdistributed attacksexploitation activityexploited hostfattfraud voipftp brute forceftp brute-forcehackinghoneytrap honeypothong konghttp brute forceidentity & access exploitationindicatorinjection activityiocipv4ipv4_addressmailoney honeypotmalicious activitymalicious ip addressesmalicious softwaremalwaremalware behaviourmalware capturemalware distributionnetworknetwork scanningnetwork securitynetwork traffic analysisnorth americaopenctip0fpassword attacksphphilippinesphishingphishing attackphishing trapprocess injectionreconnaissanceremote accessremote servicesresearchresearchedresource hijackingscams & fraudscannersecurity operationssensor-taggedsentrypeer botnetsingaporesipspamsshssh attackssh monitoringssh-brutet1021t1021.001t1021.006t1040t1046t1053t1055t1059t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1496t1499.001t1499.002t1499.003t1563t1565t1573t1595t1595.001t1595.002t1595.003tannertcp scantelecommunicationsthreat actorthreat detectionthreat intelligencetor nodetpotudp scanunited statesusvoipvoip attackvulnerability scanweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Jun 14Jun 14

Threat Activity Heatmap

· Peak: 2026-06-14
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
15
Reports
First seenFeb 21, 2026
Last seenJun 14, 2026
GeolocationUS
CountryUnited States
LocationNewark, New Jersey
ASNAS47154
OrgDedires LLC
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force SIP on DigitalOcean London (UK) honeypot
raw
inetnum: 172.0.0.0 - 172.255.255.255 netname: IANA-NETBLOCK-172 descr: This network range is not allocated to APNIC. descr: descr: If your whois search has returned this message, then you have descr: searched the APNIC whois database for an address that is descr: allocated by another Regional Internet Registry (RIR). descr: descr: Please search the other RIRs at whois.arin.net or whois.ripe.net descr: for more information about that range. country: AU admin-c: IANA1-AP tech-c: IANA1-AP remarks: For general info on spam complaints email [email protected]. remarks: For general info on hacking & abuse complaints email [email protected]. mnt-by: MAINT-APNIC-AP mnt-lower: MAINT-APNIC-AP status: ALLOCATED PORTABLE last-modified: 2008-09-04T06:51:29Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
references
https://jamesbrine.com.au/digitaloceantoronto-sip-bruteforce-ip-list-2026-04-22/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-sip-bruteforce-ip-list-2026-03-18/, https://jamesbrine.com.au/digitaloceansingapore-sip-bruteforce-ip-list-2026-03-18/, https://jamesbrine.com.au/digitaloceanlondon-sip-bruteforce-ip-list-2026-03-17/, https://jamesbrine.com.au/digitaloceantoronto-sip-bruteforce-ip-list-2026-04-15/, https://jamesbrine.com.au/digitaloceanlondon-sip-bruteforce-ip-list-2026-04-14/, https://jamesbrine.com.au/digitaloceantoronto-sip-bruteforce-ip-list-2026-04-12/, https://jamesbrine.com.au/digitaloceanlondon-sip-bruteforce-ip-list-2026-04-11/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 11 days ago
Appeared in 15 threat reports