IP · Medium · Signal 63/100
206.189.156.69
Location
Singapore, South West
ASN
AS14061
DigitalOcean, LLC
First Seen
Jan 19, 2025
Last Seen
Jun 7, 2026
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Singapore
Region
Singapore, South West
ASN
AS14061
Organization
DigitalOcean, LLC
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
16 reports · 63% confidence
16
Source reports
63%
Confidence score
Category tags
Activity Timeline
Jun 7
Threat Activity Heatmap
Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
Signal Score
63
Confidence
63%
Reports
16
First seen
Jan 19, 2025
Last seen
Jun 7, 2026
Geolocation
SG
Country
Singapore
Location
Singapore, South West
ASN
AS14061
Org
DigitalOcean, LLC
Coords
1.3078, 103.6818
Proxy
VPN
VirusTotal
Not checked
WHOIS
- description
- CC=SG ASN=AS14061 DIGITALOCEAN-ASN
- raw
- inetnum: 206.0.0.0 - 206.255.255.255
  netname: ARIN-CIDR-BLOCK
  descr: Not allocated by APNIC
  remarks: ------------------------------------------------------
  remarks:
  remarks: Important:
  remarks:
  remarks: Details of networks in this range are not registered
  remarks: in the APNIC Whois Database.
  remarks:
  remarks: Please search the ARIN Whois, which contains
  remarks: details of IP addresses allocated in North America,
  remarks: parts of the Caribbean, and sub-equatorial Africa:
  remarks:
  remarks: website: https://ws.arin.net/whois
  remarks: command line: whois.arin.net
  remarks:
  remarks: ------------------------------------------------------
  country: AU
  admin-c: IANA1-AP
  tech-c: IANA1-AP
  mnt-by: MAINT-APNIC-AP
  mnt-lower: MAINT-APNIC-AP
  status: ALLOCATED PORTABLE
  last-modified: 2009-05-01T03:52:53Z
  source: APNIC
  role: Internet Assigned Numbers Authority
  address: see http://www.iana.org.
  admin-c: IANA1-AP
  tech-c: IANA1-AP
  nic-hdl: IANA1-AP
  remarks: For more information on IANA services
  remarks: go to IANA web site at http://www.iana.org.
  mnt-by: MAINT-APNIC-AP
  last-modified: 2018-06-22T22:34:30Z
  source: APNIC
- references
  - https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
  - https://cert.gov.ua/article/6276894
  - https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
  - https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications_0.pdf
  - https://www.ic3.gov/CSA/2025/250122.pdf
  - https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf
  - https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa
  - CERT-UA#8399.txt
IOC Journey
medium · First detected 1 year ago · Last seen 8 days ago
Appeared in 16 threat reports