IPMediumSignal 79/100
139.99.35.44
Location
SingaporeSingapore, Unknown
ASN
AS16276
OVH Singapore PTE. LTD
First Seen
Jan 11, 2025
Last Seen
Mar 31, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountrySingapore
SingaporeRegionSingapore, Unknown
ASNAS16276
OrganizationOVH Singapore PTE. LTD
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
26 reports79% confidence
26
Source reports
79%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney activityadbhoney honeypotadbhoney interactionsaptasiaattackattacking-ipsaustraliaauthentication failureauthentication-attemptsautomated attacksautomated-attackbad reputationbad web botblog spambotnetbotnet activitybotnet-activitybrute forcebrute force attackbrute force attacksbrute force attemptsc2 communicationciscocisco asacisco attackcisco devicecisco device targetingcisco exploitation attemptcisco exploitation attemptscode executioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompromised credentials attemptcompromised hostconpot honeypotconpot interactionscontainer securitycowriecowrie activitycowrie honeypotcowrie interactionscowrie login attemptscowrie ssh attackcowrie ssh honeypotcredential accesscredential attackcredential harvestingcredential stuffingcredential-stuffingctacurlcyber securitydata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase brute forcedatabase login attemptdatabase scandatabase securitydcerpcddosddos attackddospotdecoy systemdenial of servicedevice managementdionaeadionaea activitydionaea honeypotdionaea interactionsdionaea malware collectiondistributed attacksdnsdns attackdockerelasticpot honeypotelasticsearchelasticsearch monitoringemailencryptionenterprise networkingenumerationeuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitation activityexploitation attemptexploited hostexternal attackersextortionfattfatt signaturesfinlandfirewall eventfranceftpftp brute forceftp brute-forcegalahgermanygithubglobalgluttongopothackinghellpothoneynet connecthoneytrap activityhoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannerhttp scanninghttpsics securityidentity & access exploitationimapindicatorindicators-of-compromiseindustrial control systemsinfrastructure acquisitionreconnaissanceinitial accessinjection activityinjection attacksinternet-facingintrusion detectioniociot exploit attemptsiot securityiot targetediot/ics attackipphoney honeypotipv4kibanalamplamp attacklamp exploitlamp exploit attemptlamp exploitation attemptslamp server attacklamp stack targetinglateral movementlinuxlinux system targetinglinux-server-attacklinux-server-attackslog4potlogin attemptmac osmailoney activitymailoney honeypotmailoney interactionsmalicious activitymalicious activity detectedmalicious network activitymalicious payload attemptmalicious payload detectionmalicious softwaremalicious-activitymalicious-login-attemptsmalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmalware downloadmalware landingmanualmedpotmssqlmssql brute forcemysql brute forcenetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnorth americaoceaniaonyphe-benignopportunistic-attackp0fp0f os fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpassword-guessingphishingphishing attackphishing trappolandport-scanningpossible botnet activitypossible exploit attemptpossible intrusion attemptpossible malware propagationpotential botnet activitypotential compromisepotential exploit activitypotential malware deliveryprivilege escalationprocess injectionprotocol abuseprotocol exploitationprotocol-abuseproxyproxy accesspublic ip addresspythonransomwarercereconnaissanceredis exploitation attemptsredis honeypotredishoneypot activityremote accessremote code executionremote servicesresearchedresource developmentresource hijackingsansscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionsentrypeer interactionsserver exploitationservice scansftpsftp access attemptssftp attacksftp attemptsftp-attacksgshell accessshell access attemptshell access attemptssingaporesip attackssip brute forcesip scanningsippslugsmb brute forcesmtpsmtp brute forcesmtp probingsnaresocial engineeringsocradar honeypotsoftware exploitationspamsql injectionsshssh attackssh monitoringssh-brute-forcesurface websuricata alertsuricata alertssyn scansystem disruptiont-pott1016t1016.001t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1087.001t1087.002t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1199t1203t1204.002t1210t1486t1490t1496t1499.001t1499.002t1499.003t1505.002t1550t1550.002t1550.003t1552.001t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1583t1583.001t1587.001t1588t1588.002t1588.004t1588.006t1589t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner exploitationtanner interactionstargeting databasetcp protocoltcp scantelecommunicationstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat-intelligencetor nodetpotudp scanunauthorized accessunauthorized access attemptunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized-access-attemptunited statesverified-benignvnc protocolvoipvoip attackvulnerability scanvulnerability-scanningweb application attackweb application scanweb application scanningweb attackweb attacksweb exploitationweb login attemptweb scannerweb shellweb shell uploadweb shell uploadsweb spamweb trafficweb-application-attackwgetwindowswindows system targetingwordpot
Activity Timeline
Mar 31Mar 31
Threat Activity Heatmap
· Peak: 2026-03-31LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
79
SIGNAL
Signal Score
79%
Confidence
26
Reports
First seenJan 11, 2025
Last seenMar 31, 2026
GeolocationSG
CountrySingapore
LocationSingapore, Unknown
ASNAS16276
OrgOVH Singapore PTE. LTD
Coords1.3521, 103.8200
Proxy
VirusTotal
Not checked
WHOIS
- description
- Seen in CiscoASA honeypot logs within the configured window.
- raw
- inetnum: 139.0.0.0 - 139.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses country: AU admin-c: IANA1-AP tech-c: IANA1-AP abuse-c: AA1452-AP status: ALLOCATED PORTABLE remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ mnt-by: APNIC-HM mnt-lower: APNIC-HM mnt-irt: IRT-APNIC-AP last-modified: 2023-04-16T10:23:23Z source: APNIC irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP auth: # Filtered remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 mnt-by: APNIC-HM last-modified: 2023-08-18T00:42:38Z source: APNIC role: ABUSE APNICAP address: Brisbane, Australia country: ZZ phone: +000000000 e-mail: [email protected] admin-c: HM20-AP tech-c: NO4-AP nic-hdl: AA1452-AP remarks: Generated from irt object IRT-APNIC-AP remarks: [email protected] was validated on 2020-02-03 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2023-08-18T19:08:30Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
- references
- https://github.com/telekom-security/tpotce
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 2 months ago
Appeared in 26 threat reports