IOC Radar
IPMediumSignal 40/100

2.59.152.54

Location
Hong KongHong Kong
Mong Kok, Virginia
ASN
AS136038
IP Transit
First Seen
Apr 10, 2025
Last Seen
May 5, 2026
Apr 10
First Seen
430d ago
May 5
Last Seen
40d ago
17
Reports
source reports
40%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

40 techniques

Network Information

CountryHKHong Kong
RegionMong Kok, Virginia
ASNAS136038
OrganizationIP Transit

Feed Intelligence Summary

17 reports40% confidence
17
Source reports
40%
Confidence score
Category tags
abuseaccess controlaccount takeover attemptactive scanactive scanningasiaattackaustraliaauthenticationauthentication abuseauthentication attackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute-forcbrute-forcebruteforcecliftoncommand and controlcompromised credentialscowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposureddosdecoy systemdenial of servicedistributed attackseuropeexploitexploitation activityfail2ban alertfail2ban blocked ipfail2ban mitigationftp brute forcegeoiphackinghkhong kongidentity & access exploitationindicatorinformation technologyinitial accessinjection activityit infrastructurelateral movementlogin attacklogin failuremalicious activitymalicious softwaremalwarenetworknetwork intrusionnetwork intrusion attemptsnetwork scannetwork scanningnorth americanoticeoceaniapassword attacksphishingphishing attackpossible reconnaissanceprocess injectionreconnaissanceremote accessremote servicesresearchedresource developmentscannerscanning activitysecurity operationssecurity policysftp attacksocial engineeringsoftware developmentspamsshssh attackssh monitoringt1005t1018t1021t1021.001t1021.004t1041t1046t1055t1059t1059.004t1068t1071.001t1076t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1195.002t1203t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1589t1595t1595.001t1595.002t1595.003threat actorthreat intelligencethreat preventiontor nodetpotceunited kingdomunited statesutc+1vpsvulnerabilityvulnerability scanweb application attackweb exploitation

Activity Timeline

1 total obs
May 5May 5

Threat Activity Heatmap

· Peak: 2026-05-05
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), an IPv4 address, signals a significant and persistent threat targeting organizations. Its high threat score of 39.5 and "No" whitelist status strongly suggest its involvement in malicious activities, primarily brute-force attacks, SSH compromise attempts, and credential stuffing. If this IP address successfully breaches an organizational asset, it could lead to unauthorized access, lateral movement within the network, and potentially critical data exfiltration…

Threat ScoreLow Risk
40
SIGNAL
Signal Score
40%
Confidence
17
Reports
First seenApr 10, 2025
Last seenMay 5, 2026
GeolocationHK
CountryHong Kong
LocationMong Kok, Virginia
ASNAS136038
OrgIP Transit
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Banned by Fail2Ban [sshd]
raw
NetRange: 2.0.0.0 - 2.255.255.255 CIDR: 2.0.0.0/8 NetName: 2-RIPE NetHandle: NET-2-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2009-09-29 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/2.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 17 threat reports