IOC Radar
IPMediumSignal 48/100

139.59.66.39

Location
IndiaIndia
Bengaluru, Karnataka
ASN
AS14061
DigitalOcean, LLC
First Seen
Aug 8, 2021
Last Seen
Jun 9, 2026
Aug 8
First Seen
1770d ago
Jun 9
Last Seen
4d ago
23
Reports
source reports
48%
Confidence
medium
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

68 techniques

Network Information

CountryINIndia
RegionBengaluru, Karnataka
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

23 reports48% confidence
23
Source reports
48%
Confidence score
Category tags
abuseaccess attemptaccess controlaccount compromiseactive scanactive scanninganomalous network connectionsapacheapache attackerapache attacksapache vulnerability scanningaptasiaattackattack sourceattack source ipattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication failureauthentication failuresauthentication-attemptsauthentication_bypassautomated attackautomated attacksautomated threatbad reputationbad web botblock listblock.txtblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcbrute-forcebruteforcingc2chinachina mobilecisco devicecliftoncloud infrastructurecloud infrastructure attackcloud servicescolumnscommand & controlcommand and controlcommunication protocolcompany limitedcompromised credentialscompromised hostcompromised systemscowrie honeypotcredential accesscredential attackcredential harvestingcredential stuffingcredential-stuffingcredentialsctadaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredatabase securityddosddos attackddos attemptdecoy systemdenial of servicedenial-of-servicedenial-of-service attemptdevice managementdionaea honeypotdionaea payloadsdistributed attacksenterprise networkingenumerationeuropeexecutable fileexploitexploit attemptexploit attemptsexploit scanningexploitation activityexploitation attemptexploitation attemptsexploited hostexternal threatfail2ban alertsfail2ban blockfail2ban blocked ipfail2ban blocked ipsfail2ban triggeredfailed authenticationfailed login attemptsfattfatt detectionsfinlandfirewall eventfranceftpftp brute forceftp brute-forcegb-originated trafficgb-originating trafficgermanyhackinghk abusehandlerhoneynet connecthoneytrap eventshoneytrap honeypothong konghttp attackhttp brute forcehttp request anomalieshttp scannerhttp scanninghttpshurricane usidentity & access exploitationinindiaindicatorindonesiainfoinformation technologyinitial accessinjection activityinjection attacksiociot securityiot targetedipv4ipv4_addressit infrastructurelamplamp server targetinglateral movementlcialinux-server-attacksloginlogin attacklogin attemptlogin brute forcelogin brute-forcelogin failuremailmailoney eventsmailoney honeypotmalaysiamalicious activitymalicious ip activitymalicious loginmalicious script executionmalicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalicious-activitymalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmalware propagation attemptmod securitymodsecurity alertsmodsecurity attacksmultiple failed loginsnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork sniffingnetwork_service_exploitationnorth americanoticeoceaniap0fp0f signaturespasswordpassword attackpassword attackspassword crackingpassword-guessingpgp signphishingphishing attackphishing trapping of deathpolandpoland based attackersport-scanningpossible botnet activitypossible malware distributionpotential intrusion attemptprocess injectionprotocol exploitationransomwarerate limiting triggeredreconnaissancereconnaissance activityremote accessremote access attackremote serviceremote servicesremote_accessresearchedresource hijackingscannerscannersscanning activitysecurity monitoringsecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer eventsserver securityservice scanservice scanningsftp access attemptsftp attacksingaporesmb brute forcesmtpsmtp attacksmtp brute forcesmtp scanningsocial engineeringsocradar honeypotsoftware developmentspamsshssh attackssh monitoringsuricata alertst-pott1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1021.008t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1065t1068t1071t1071.001t1076t1078t1078.004t1083t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1550t1550.002t1552.001t1563t1565t1566t1566.001t1566.002t1566.003t1583t1583.006t1588t1588.004t1589t1589.002t1592t1595t1595.001t1595.002t1595.003tannertanner eventstcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat preventiontimeouttop10.txttopips.txttor nodetpottpotceudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptunited kingdomunited statesus abuseus nonevoipvoip attackvpsvulnerability scanvultr infrastructureweb app attackweb application attackweb attacksweb brute forceweb exploitationweb loginweb spamweb trafficwordpress brute force

Activity Timeline

1 total obs
Jun 9Jun 9

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
23
Reports
First seenAug 8, 2021
Last seenJun 9, 2026
GeolocationIN
CountryIndia
LocationBengaluru, Karnataka
ASNAS14061
OrgDigitalOcean, LLC
Coords12.8498, 77.6545

VirusTotal

Not checked

WHOIS

description
Honeypot
raw
inetnum: 139.59.64.0 - 139.59.79.255 netname: DIGITALOCEAN-AP descr: DigitalOcean, LLC country: IN admin-c: DOIA2-AP tech-c: DOIA2-AP abuse-c: AD699-AP status: ASSIGNED NON-PORTABLE mnt-by: MAINT-DIGITALOCEAN-AP mnt-irt: IRT-DIGITALOCEAN-AP last-modified: 2020-05-31T21:36:27Z source: APNIC irt: IRT-DIGITALOCEAN-AP address: 105 Edgeview Drive, Suite 425, Broomfield, Colorado 80021 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: DOIA2-AP tech-c: DOIA2-AP auth: # Filtered remarks: [email protected] was validated on 2025-01-09 remarks: [email protected] was validated on 2025-05-20 mnt-by: MAINT-DIGITALOCEAN-AP last-modified: 2025-05-20T15:18:11Z source: APNIC role: ABUSE DIGITALOCEANAP country: ZZ address: 105 Edgeview Drive, Suite 425, Broomfield, Colorado 80021 phone: +000000000 e-mail: [email protected] admin-c: DOIA2-AP tech-c: DOIA2-AP nic-hdl: AD699-AP remarks: Generated from irt object IRT-DIGITALOCEAN-AP remarks: [email protected] was validated on 2025-01-09 remarks: [email protected] was validated on 2025-05-20 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-05-20T15:18:40Z source: APNIC role: Digital Ocean Inc administrator address: 105 Edgeview Drive, Suite 425, Broomfield, Colorado 80021 country: US phone: +1 646-827-4366 fax-no: +1 646-827-4366 e-mail: [email protected] admin-c: DOIA2-AP tech-c: DOIA2-AP nic-hdl: DOIA2-AP mnt-by: MAINT-DIGITALOCEAN-AP last-modified: 2025-04-11T18:24:27Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 4 days ago
Appeared in 23 threat reports