IOC Radar
IP · Medium · Signal 61/100

72.240.125.133

Location: United States, Maumee, OH
ASN: AS13490, Buckeye Cablevision, Inc.
First Seen: Dec 29, 2020 (1992d ago)
Last Seen: Jun 4, 2026 (9d ago)
Reports: 31 source reports
Confidence: 61% (medium)
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

86 techniques

Network Information

Country: US, United States
Region: Maumee, OH
ASN: AS13490
Organization: Buckeye Cablevision, Inc.

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 31
Confidence score: 61%

Activity Timeline

1 total observation · Jun 4

Threat Activity Heatmap

Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 31
First seen: Dec 29, 2020
Last seen: Jun 4, 2026
Geolocation: US
Country: United States
Location: Maumee, OH
ASN: AS13490
Org: Buckeye Cablevision, Inc.
Coords: 41.3811, -83.6556
VPN

VirusTotal

Not checked

WHOIS

description
Observed authentication attempts via ssh against Cowrie/Heralding honeypots in Australia. Total events observed: 291. Sensors involved: Cowrie, Fatt. Target ports: 22. Source country: US. ASN(s): 13490. Organisation(s): Buckeye Cablevision, Inc.. Usernames observed (masked): r**t, 3**********4, f*****r, u****u, ***. Passwords observed (masked): 3***********4, 3**********4, 1********6, 1****6, B********3.
raw
NetRange: 72.240.0.0 - 72.241.255.255
CIDR: 72.240.0.0/15
NetName: BUCKEYE-CABLESYSTEM
NetHandle: NET-72-240-0-0-1
Parent: NET72 (NET-72-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Buckeye Cablevision, Inc. (BUCKEY-4)
RegDate: 2005-04-21
Updated: 2012-03-02
Ref: https://rdap.arin.net/registry/ip/72.240.0.0

OrgName: Buckeye Cablevision, Inc.
OrgId: BUCKEY-4
Address: 5566 Southwyck Blvd.
City: Toledo
StateProv: OH
PostalCode: 43614
Country: US
RegDate: 2000-11-10
Updated: 2025-10-27
Ref: https://rdap.arin.net/registry/entity/BUCKEY-4

ReferralServer: rwhois://rwhois.buckeyecom.net:4321

OrgTechHandle: INE20-ARIN
OrgTechName: IP Network Engineering
OrgTechPhone: +1-419-724-3884
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/INE20-ARIN

OrgNOCHandle: INE20-ARIN
OrgNOCName: IP Network Engineering
OrgNOCPhone: +1-419-724-3884
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/INE20-ARIN

OrgTechHandle: FINCH167-ARIN
OrgTechName: Finch, Derek
OrgTechPhone: +1-419-724-3710
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/FINCH167-ARIN

OrgAbuseHandle: ABUSE5855-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +1-419-724-3884
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5855-ARIN

RTechHandle: ZA107-ARIN
RTechName: DNS-TECH
RTechPhone: +1-419-724-3845
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/ZA107-ARIN
references
https://purplesynapz.com/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-24/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-23/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-23/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-20/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-20/, https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2026-03-26/

IOC Journey

medium
First detected 5 years ago · Last seen 9 days ago
Appeared in 31 threat reports