IPMediumSignal 60/100

`128.199.8.140`

Location

United States

Santa Clara, California

ASN

AS14061

DigitalOcean, LLC

First Seen

Sep 7, 2024

Last Seen

Jun 8, 2026

Sep 7

First Seen

642d ago

Jun 8

Last Seen

3d ago

Reports

source reports

60%

Confidence

medium

Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

60%

Signal Score

60 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

63 techniques

Network Information

Country

United States

RegionSanta Clara, California

ASNAS14061

OrganizationDigitalOcean, LLC

IP Category

⟲

Proxy

Proxy server

⊕

VPN

VPN exit node

Feed Intelligence Summary

29 reports60% confidence

Source reports

60%

Confidence score

Category tags

abuseaccessaccess controlaccount compromiseactionactive scanactive scanningasiaatif feedattachment phishingattackaustraliaauto-generated securityautomated emailbad reputationbad web botbanlist feedbase64base64 encodingbecbeningbening scannerbinary defenseblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute-forcebruteforcebulk emailciscocisco devicecloud computingcloud infrastructurecloud infrastructure attackcloud migrationcloud securitycloud servicescloud storagecommand and controlcommand executioncommunication protocolconfigconnectcowriecowrie honeypotcowrie ssh honeypotcredential accesscredential harvestingcredential phishingcredential stuffingcredential-harvestingcssctadata encryptiondata exfiltrationdata store exposuredatabase enumerationdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdhcpdigital oceandionaeadionaea honeypotdistributed attacksdriftnet-benignelasticsearchemailencryptionenterprise networkingenv-huntingeuropeexecutable fileexploitexploit attemptsexploitation activityexploited hostexternal scanningfattfinlandfranceftpftp brute forceftp brute-forcegermanygithubgroupshackinghoneynet connecthoneytrap honeypothttp brute forcehttp scanneridentity & access exploitationimapindicatorinfoinformation gatheringinfrastructure acquisitionreconnaissanceinjection activityinjection attacksinternet_measurement-benigniot securityiot targetedjapanlamplamp server attacklateral movementldaplinuxlogin attemptmailoney honeypotmalicious activitymalicious email activitymalicious softwaremalwaremalware behaviourmalware capturemanualmssqlmulti-cloud managementnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork monitoringnetwork probingnetwork protocolnetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnginxnorth americantpoceaniaopen proxyopenctioracleoracle dbp0fpasswordpassword attackpassword attackspassword theftpayment fraudphishingphishing attackphishing campaignphishing trappingpolandportscanpossible malware probingpostgresprice requestprice request scamprocess injectionprotocol exploitationproxypythonransomwarereconnaissanceredisredis honeypotredishoneypotremote accessremote servicesresearchedresource hijackingsansscams & fraudscanscannerscannersscanning activityschedule themescheduled task abusescriptscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetserverserver exploitationservice discoveryservice scansftpsftp access attemptsftp attacksipsip brute forcesip scanningslugsmbsmb brute forcesmtpsmtp brute forcesmtp scanningsnmpsocial engineeringsocks5socradar honeypotspamsql injectionsshssh attackssh monitoringsurface webt-pott1003t1003.001t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1090t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1192t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.004t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1587.001t1589t1590t1590.001t1592t1595t1595.001t1595.002t1595.003t1598t1598.003tannertargeting databasetariff server compromisetariff server themetariffs servertcp protocoltcp scantelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelthreat intelligencethreat preventiontokyotor nodetpotudp scanunauthorized access attemptunauthorized loginunited statesunited states of americausverified-benignvncvnc protocolvoipvoip attackvpnvpn ipvulnerability scanvultrweb app attackweb application attackweb application scanningweb attackweb exploitationweb spamweb trafficwetransfer abuse

Activity Timeline

1 total obs

Jun 8Jun 8

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

60%

Confidence

Reports

First seenSep 7, 2024

Last seenJun 8, 2026

GeolocationUS

CountryUnited States

LocationSanta Clara, California

ASNAS14061

OrgDigitalOcean, LLC

Coords37.3931, -121.9620

ProxyVPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw: NetRange: 128.199.0.0 - 128.199.255.255 CIDR: 128.199.0.0/16 NetName: RIPE-ERX-128-199-0-0 NetHandle: NET-128-199-0-0-1 Parent: NET128 (NET-128-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2007-03-20 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/128.199.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
references: https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

`128.199.8.140`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy