IOC Radar
IPMediumSignal 58/100

139.162.3.144

Location
SingaporeSingapore
Singapore, North West
ASN
AS63949
Linode, LLC
First Seen
Apr 15, 2025
Last Seen
Jun 11, 2026
Apr 15
First Seen
434d ago
Jun 11
Last Seen
12d ago
13
Reports
source reports
58%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

47 techniques

Network Information

CountrySGSingapore
RegionSingapore, North West
ASNAS63949
OrganizationLinode, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

13 reports58% confidence
13
Source reports
58%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningapache vulnerabilityaptasiaattachment phishingattackautomated emailback orificebackdoorbad reputationbad web botbase64base64 encodingbecbotnetbotnet activitybotnet activity detectionbrute forcebrute force attackbrute force attemptsbrute-forcebulk emailc2 communicationcgi vulnerabilitycommand & controlcommand and controlcommand injectioncommunication protocolcompromised hostcowriecrawlercredential accesscredential harvestingcredential phishingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdenial of servicedistributed attacksexploitation activityftp brute forcegpongpon vulnerabilityhackinghnaphttp brute forcehttp scannerhttpsidentity & access exploitationindicatorinformation gatheringinitial accessinjection activityinjection attacksinput validation bypassiociot securityiot targetedircmalaysiamalicious activitymalicious softwaremalwaremalware distributionnetgear vulnerabilitynetworknetwork attacksnetwork probingnetwork protocolnetwork scannetwork scanningnetwork securityopen proxypasswordpassword attackspassword theftpath traversalpayment fraudphishingphishing attackphishing campaignping of deathprice requestprice request scamprobingprocess injectionprotocol exploitationproxyransomwarercereconnaissanceremote accessremote code executionresearchresearchedrouter exploitationscams & fraudscanscannerscanning activityschedule themescheduled task abusescripting attackssecurity operationssecurity policysgsingaporesipsmtp brute forcesoapsocial engineeringspamsql injectionsshssh attackssh-brutesystembct1003t1003.001t1018t1021t1027t1040t1053t1055t1059t1059.003t1059.007t1068t1071t1071.001t1078t1078.001t1078.002t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1192t1203t1486t1495.001t1496t1499.001t1499.002t1499.003t1555t1565t1566t1566.001t1566.002t1566.003t1573t1595t1595.001t1595.002t1595.003t1598t1598.003targeting databasetariff server compromisetariff server themetariffs servertcp protocoltelecommunicationstelnet threatthreat actorthreat intelligencethreat preventiontor nodevoipvulnerability scanweb app attackweb application attackweb application exploitationweb attackweb crawlerweb exploitationweb scannerweb spamweb trafficwebscannerwetransfer abusezgrabzivif

Activity Timeline

1 total obs
Jun 11Jun 11

Threat Activity Heatmap

· Peak: 2026-06-11
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
58
SIGNAL
Signal Score
58%
Confidence
13
Reports
First seenApr 15, 2025
Last seenJun 11, 2026
GeolocationSG
CountrySingapore
LocationSingapore, North West
ASNAS63949
OrgLinode, LLC
Coords1.2929, 103.8547
Proxy

VirusTotal

Not checked

WHOIS

description
Auto-submitted attacker IPs from 6-region honeypot mesh (cowrie/dionaea/heralding/suricata).
raw
inetnum: 139.0.0.0 - 139.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses country: AU admin-c: IANA1-AP tech-c: IANA1-AP abuse-c: AA1452-AP status: ALLOCATED PORTABLE remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ mnt-by: APNIC-HM mnt-lower: APNIC-HM mnt-irt: IRT-APNIC-AP last-modified: 2023-04-16T10:23:23Z source: APNIC irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP auth: # Filtered remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 mnt-by: APNIC-HM last-modified: 2023-08-18T00:42:38Z source: APNIC role: ABUSE APNICAP address: Brisbane, Australia country: ZZ phone: +000000000 e-mail: [email protected] admin-c: HM20-AP tech-c: NO4-AP nic-hdl: AA1452-AP remarks: Generated from irt object IRT-APNIC-AP remarks: [email protected] was validated on 2020-02-03 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2023-08-18T19:08:30Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
references
https://redpiranha.net, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://www.linkedin.com/posts/starlightintel_starlight-cti-activity-7379885721312063488-MQzH?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7328079059572137984-kHdW?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 12 days ago
Appeared in 13 threat reports