IPMediumSignal 85/100

`143.110.239.2`

Location

United States

Santa Clara, CA

ASN

AS14061

DigitalOcean, LLC

First Seen

Sep 7, 2021

Last Seen

Jun 6, 2026

Sep 7

First Seen

1743d ago

Jun 6

Last Seen

11d ago

Reports

source reports

85%

Confidence

medium

Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

85%

Signal Score

85 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

52 techniques

Network Information

Country

United States

RegionSanta Clara, CA

ASNAS14061

OrganizationDigitalOcean, LLC

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

31 reports85% confidence

Source reports

85%

Confidence score

Category tags

abuseaccount compromiseaccount takeover attemptsackactive reconnaissanceactive scanactive scanningaerospace & defenseafricaapplication layer protocolaptasiaattackattacker ipattacker-ipauthenticationauthentication attackauthentication attacksauthentication attemptsautomated multi-vector probingautomotive manufacturingbad reputationbad web botbeningbening scannerblacklisted ip addressblocklist_allbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute-forcebrute_force_attackbruteforcec2chinacivil servicescloud environmentcloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncode-injectioncommand & controlcommand executioncommunication protocolcompromised systemcowriecredential accesscredential attackcredential compromisecredential guessingcredential harvestingcredential stuffingcyberattackdata encryptiondata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of serviceegyptelectronics manufacturingencryptionenumerationeuropeexploit attemptexploitationexploitation activityexploited hostexternal reconnaissanceexternal scanningexternal_threatfinlandfrancefraud voipftpftp brute forceftp brute-forceftp_scangermanygovernment technologyhackinghoneynet connecthttp brute forcehttp probinghttp scannerhttp_scanhttpsidentity & access exploitationimapindiaindicatorindonesiaindustrial automationindustrial iotindustrial productioninformation technologyinfrastructure acquisitionreconnaissanceinitial accessinitial access attemptinitial-accessinjection activityinjection attacksinternet facing assetinternet-wide scaninternet_wide_scanintrusion detectionintrusion detection systemiociot securityiot targetedip-addressipv4ipv4 iocipv4 scanningipv4_scanningit infrastructurejapankill-chain exploitationkill-chain reconnaissancekorealateral movementlogin attacklogin attemptlogin brute forcemalicious activitymalicious communication blockingmalwaremalware beaconingmanualmanufacturing technologymedium-riskmilitary operationsmssqlnational securitynetherlandsnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion detectionnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork security monitoringnetwork-attacknetwork_reconnaissancenextraynorth americaopen proxyopencanaryopenctipassword attackpassword attacksphishingphishing attackpolandport-scanportscanpotential intrusionprocess manufacturingprotocol exploitationproxypublic administrationpublic infrastructurepublic policyquality controlransomwareraspberry-pirdp scanningrdp_scanreconnaissanceredisregulatory agenciesremote accessremote access attemptremote servicesresearchedresource hijackingscams & fraudscannerscanner ipscannersscanning activitysecurity operationsserver exploitationservice discoveryservice scanshodan_io-benignsipsmb brute forcesmtpsmtp brute forcesocial engineeringsoftware developmentspamsql-injectionsshssh attackssh_scansupply chain attacksupply chain managementsynsystem accesst1016t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1029t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.005t1068t1071t1071.001t1076t1077t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1505.004t1563t1566.001t1566.002t1566.003t1573t1583t1587.001t1589t1590t1590.001t1592t1595t1595.001t1595.002t1595.003targeting databasetcp protocoltcp scantcp scanningtelnet scanningtelnet threatthailandthreat actorthreat detectionthreat intelligencethreat-intelligencethreat_actor_unknowntokyotor nodetsecudp scanunauthorized access attemptunitedunited kingdomunited statesunited states of americaunknown threat actorusverified-benignvietnamvoidtrapvulnerability scanvulnerability-scanvultrvultr cloud infrastructurewazuhweb app attackweb application attackweb exploitationweb spamweb trafficweb-attack

Activity Timeline

1 total obs

Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

85%

Confidence

Reports

First seenSep 7, 2021

Last seenJun 6, 2026

GeolocationUS

CountryUnited States

LocationSanta Clara, CA

ASNAS14061

OrgDigitalOcean, LLC

Coords37.3931, -121.9620

Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw: NetRange: 143.110.128.0 - 143.110.255.255 CIDR: 143.110.128.0/17 NetName: DIGITALOCEAN-143-110-128-0 NetHandle: NET-143-110-128-0-1 Parent: NET143 (NET-143-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2020-01-17 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/143.110.128.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
references: https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-6953731245126168576-q5hP?utm_source=linkedin_share&utm_medium=member_desktop_web

`143.110.239.2`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy