IPMediumSignal 62/100
128.199.103.139
Location
SingaporeSingapore, Unknown
ASN
AS14061
DigitalOcean, LLC
First Seen
Nov 18, 2025
Last Seen
May 29, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountrySingapore
SingaporeRegionSingapore, Unknown
ASNAS14061
OrganizationDigitalOcean, LLC
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
25 reports62% confidence
25
Source reports
62%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningadbhoney honeypotapacheapache attackerapplication layer protocolaptasiaattackattack surface discoveryattacker ipattacker-ipaustraliaauthentication attemptauthentication attemptsautomated attackautomated attacksautomated botautomated threatautomated-attackback orifice trafficbad reputationbad web botblacklist activityblacklist matchingblocklist_allblog spambotnetbotnet activitybotnet infectionsbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbrute_forcec2cisco brute forcecisco devicecisco device targetingcisco exploitation attemptcisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompromised credentialsconnect scanconnected devicesconpot honeypotcowrie attackscowrie capturecowrie datacowrie honeypotcowrie interactionscowrie ssh attackscowrie ssh logscredential accesscredential attackscredential brute forcecredential brute forcingcredential harvestingcredential stuffingcredential-stuffingcvecyber threatcyber threat activitycybercrime groupdasan gpon rcedata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackddos attack indicatorsddos attacksddos preparationdecoy systemdenial of servicedevice managementdhcpdhcp attackdhcp discoverydictionary attackdigital oceandionaea attacksdionaea capturedionaea honeypotdionaea malware detectiondistributed attacksdnsdns attackelasticpot honeypotelasticsearchelasticsearch attackelasticsearch brute forceelasticsearch enumerationelasticsearch monitoringencryptionenterprise networkingenumerationeuropeexploitexploit attemptexploit attemptsexploit kit activityexploitationexploitation activityexploitation attemptsexploited hostexploitsexternal access attemptsexternal threatexternal_threatfattfin scanfranceftpftp brute forceftp brute-forcehackinghoneytrap datahoneytrap honeypothttp brute forcehttp scannerhttp scanninghttp/shttpsics securityidentity & access exploitationimapimap attackimap brute forceindicators of compromiseindustrial control systemsindustrial iotinformation gatheringinitial accessinjection activityinjection attacksinternet exposureinternet of thingsinternet-facing serviceinternet_scanintrusion detectioniocsiot analyticsiot applicationsiot botnetiot devicesiot platformsiot securityiot targetediot/ics attackipphoney honeypotipv4ipv4 addresseslamplamp attacklamp exploit attemptslamp exploitation attemptslamp server targetinglamp stack attacklamp stack targetinglamp vulnerability scanlateral movementlateral movement attemptlateral movement attemptsldapldap attackldap enumerationlinux serverslinux systemslinux-server-attacklinux_server_attacksloginlogin attemptmailoney honeypotmalaysiamalicious activitymalicious activity detectedmalicious ip addressesmalicious login attemptsmalicious network activitymalicious payloadmalicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalicious-login-attemptsmalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmalware droppermalware_activitymemcache attackmemcache enumerationmemcached scanningmirai botnetmozi botnet activitymssqlmssql attackmssql brute forcemssql enumerationmysql brute forcenetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork monitoringnetwork probingnetwork propagationnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork_reconnaissancenetwork_scannorth americantpntp amplificationntp attackntp enumerationnull scanoceaniaopen port detectionopen proxyopen_port_discoveryopenctioracleoracle attackoracle brute forceoracle enumerationp0fpassword attackpassword attackspassword sprayingphishingphishing attackphishing trapping of deathport-scanningpossible credential reusepossible malware distributionpossible malware infectionpossible mirai variantpostgres enumerationpostgresql attackpostgresql brute forcepotential intrusionprocess injectionprotocol exploitationprotocol-abuseproxyqhoneypot activityqhoneypot detectionransomwareransomware activityreconnaissanceredis brute forceredis enumerationredis honeypotredishoneypot activityremote accessremote access attemptremote code executionremote servicesresearchedresource hijackingrouter command injectionscanscannerscannersscanning activityscript kiddiescripting attackssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionsentrypeer sip attacksserver exploitationservice enumerationservice scanservice scanningservice_enumerationsftp access attemptsftp access attemptssftp activitysftp attacksftp attemptsftp-attacksgsingaporesip brute forcesip scanningsip vulnerability scansmart devicessmb brute forcesmb scanningsmtpsmtp brute forcesmtp probingsnmp enumerationsocial engineeringsocks5socks5 attacksocks5 proxy detectionsocradar honeypotspamsql injectionsql injection attemptssshssh attackssh monitoringssh-brute-forcesyn scansystem accesssystembc botnet activityt1016t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.005t1059.007t1068t1071t1071.001t1076t1077t1078t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1210t1486t1496t1497t1497.001t1498t1499t1499.001t1499.002t1499.003t1505.002t1505.004t1550t1555t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1589t1589.002t1590t1590.004t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp_scantelecommunicationstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventiontor nodetpotudp port scanudp_scanunauthorized accessunauthorized access attemptunauthorized activityunauthorized login attemptsunauthorized-access-attemptunited statesunknown threat actorvnc protocolvoidtrapvoipvoip attackvulnerability scanweb app attackweb application attackweb application attacksweb application scanningweb attackweb attacksweb exploitweb exploitationweb serverweb spamweb trafficweb-application-attackweb_attackxmas scan
Activity Timeline
May 29May 29
Threat Activity Heatmap
· Peak: 2026-05-29LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
25
Reports
First seenNov 18, 2025
Last seenMay 29, 2026
GeolocationSG
CountrySingapore
LocationSingapore, Unknown
ASNAS14061
OrgDigitalOcean, LLC
Coords1.3212, 103.6950
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw
- inetnum: 128.0.0.0 - 128.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database. remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ country: AU admin-c: IANA1-AP tech-c: IANA1-AP mnt-by: APNIC-HM mnt-lower: APNIC-HM status: ALLOCATED PORTABLE last-modified: 2015-08-28T00:30:29Z source: APNIC mnt-irt: IRT-APNIC-AP irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 auth: # Filtered mnt-by: APNIC-HM last-modified: 2025-11-18T00:26:21Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 6 months ago · Last seen 15 days ago
Appeared in 25 threat reports