IOC Radar
IP indicator · Medium · Signal 64/100

104.236.209.11

Location: Clifton, NJ, United States
ASN: AS14061 (DigitalOcean, LLC)
First seen: Mar 14, 2025 (467 days before this snapshot)
Last seen: Jun 8, 2026 (16 days before this snapshot)
Reports: 25 source reports
Confidence: 64% (medium). Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 88 techniques. The page carries the technique IDs only as lowercase t-prefixed entries in the category tag list (t1005 through t1598, sub-techniques included) and gives no names, tactics or per-technique evidence, so treat the figure as a tag tally rather than a validated mapping.

Network Information

Country: United States (US)
Region: Clifton, NJ
ASN: AS14061
Organization: DigitalOcean, LLC

IP Category: Proxy (proxy server)

Feed Intelligence Summary: 25 source reports · 64% confidence score

Category tags:
abuse, access control, active scan, active scanning, adb exploitation, adb honeypot interaction, adbhoney activity, adbhoney honeypot, api services, application layer protocol, apt, asia, attack, attacker ip, australia, authentication attacks, authentication attempts, authentication failure, automated attack, automated-attack, automated_attacks, bad reputation, bad web bot, blacklist ip, blacklisted ip activity, block list, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force attack, brute_force, c2 communication, china mobile, cisco, cisco asa, cisco attack, cisco device, cisco device attack, cisco device targeting, cisco exploit attempt, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco_devices, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud storage, columns, command & control, command and control, command execution, command injection, communication protocol, communication technologies, company limited, compromise attempt, compromised credentials, compromised credentials attempt, compromised host, compromised system detection, compromised systems, connected devices, conpot, conpot activity, conpot attack, conpot emulation, conpot honeypot, content delivery, cowrie, cowrie activity, cowrie attack, cowrie capture, cowrie honeypot, cowrie honeypot data, cowrie honeypot detection, cowrie interactions, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential attack, credential brute-forcing, credential harvesting, credential stuffing, credential theft, credential-stuffing, credential_access_attempts, data encryption, data exfiltration, data store exposure, database attack, database attacks, database brute force, database probing, database scan, database security, ddos, ddos attack, ddos attacks, ddos attempt, decoy system, default-cred-root, denial of service, device management, dhcp, dhcp exploitation, dictionary attack, dionaea, dionaea activity, dionaea attack, dionaea capture, dionaea honeypot, dionaea interactions, distributed attacks, dns, dns attack, elasticpot activity, elasticpot honeypot, elasticsearch, elasticsearch exploitation, elasticsearch monitoring, email, encryption, enterprise networking, enumeration, europe, exotic ports, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, external threat, fatt, finland, france, ftp, ftp attacks, ftp brute force, ftp brute-force, ftp scan, germany, hacking, heralding activity, hk abusehandler, honeynet connect, honeytrap activity, honeytrap honeypot, hong kong, http brute force, http probe, http probing, http scanner, http scanning, https, ics security, identity & access exploitation, imap, imap brute force, indicator, indicators of compromise, industrial control systems, industrial iot, information gathering, initial access, injection activity, injection attacks, internet facing, internet of things, internet-facing, intrusion detection, ioc, iot analytics, iot applications, iot botnet, iot device targeting, iot exploitation, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney activity, ipphoney honeypot, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp attack, lamp attacks, lamp exploit attempt, lamp exploit attempts, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server targeted, lamp server targeting, lamp stack attacks, lamp stack exploitation, lamp stack targeted, lamp stack targeting, lateral movement, ldap, ldap exploitation, linux, linux malware probe, linux-server-attack, linux_servers, login attempt, low-risk, mail protocol abuse, mail service probing, mailoney activity, mailoney attack, mailoney honeypot, mailoney trap, malicious activity, malicious activity detected, malicious code detection, malicious email activity, malicious ip activity, malicious login, malicious login attempts, malicious payload attempts, malicious payload detection, malicious script execution, malicious sftp activity, malicious software, malicious software detection, malicious ssh activity, malicious-login-attempts, malware, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware download, memcache exploitation, mirai botnet, mobile carriers, mobile networks, modat-benign, mssql, mssql brute force, multi-cloud management, mysql brute force, network, network attacks, network devices, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network monitoring, network probing, network protocol, network reconnaissance, network scanning, network security, network security monitoring, network service scanning, network-based attack attempts, north america, ntp, ntp exploitation, observed malicious activity, oceania, oracle, oracle database, oracle exploitation, osint, p0f, password attack, password attacks, perimeter devices, permission-change, pgp sign, phishing, phishing attack, phishing trapping of death, poland, port-scanning, possible botnet activity, possible credential reuse, possible credential stuffing, possible exploit attempt, possible lateral movement, possible malware activity, possible malware delivery, possible malware deployment, possible malware propagation, potential botnet activity, potential credential compromise, potential credential stuffing, potential credential theft, potential exploit, potential exploit activity, potential malware delivery, potential malware distribution, potential malware hosting, privilege escalation, probing, process injection, protocol exploitation, protocol-abuse, proxy, qhoneypot interactions, ransomware, rdp attacks, reconnaissance, redis, redis exploitation, redis honeypot, redishoneypot, redishoneypot activity, remote access, remote access abuse, remote services, researched, resource hijacking, sans, scan, scanner, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attack, sentrypeer botnet, sentrypeer targeting, server exploitation, service discovery, service enumeration, service exploitation, service scan, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp intrusion attempts, sftp-attack, shell, sip, sip attacks, sip brute force, sip scan, sip scanning, smart devices, smb attacks, smb brute force, smb exploitation, smtp, smtp attacks, smtp brute force, smtp probing, smtp scan, smtp scanning, snmp exploitation, social engineering, socks5, socks5 proxy, socks5 proxy activity, socradar honeypot, spam, sql injection, sql injection attempts, ssh, ssh attack, ssh attacks, ssh monitoring, ssh-brute-force, system-recon, t-pot, t1005, t1016, t1016.001, t1016.002, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1040, t1041, t1046, t1047, t1053, t1053.005, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1119, t1133, t1187, t1189, t1190, t1195, t1199, t1202, t1203, t1204, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1550, t1555, t1555.003, t1555.004, t1555.005, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1583, t1588, t1588.006, t1590, t1592, t1593, t1595, t1595.001, t1595.002, t1595.003, t1598, tanner, tanner activity, tanner attack, targeting database, tcp protocol, tcp scan, telecom services, telecommunications, telnet attacks, telnet attempts, telnet threat, telnet-brute-force, threat actor, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, threat-intelligence, timeout, tor node, tpot, udp scan, unauthenticated access attempts, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized-access-attempt, unidentified threat actor, united states, united states of america, us, us abuse, us none, us source ip, verified-benign, vnc protocol, voip, voip attack, vulnerability scan, web apis, web application attack, web application attacks, web application scan, web application scanning, web applications, web attack, web attacks, web development, web exploitation, web hosting, web infrastructure, web scanner, web server, web server attacks, web service probing, web services, web shell, web shell uploads, web spam, web technologies, web traffic, web-application-attack, web_attacks, webscan, webscanner
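As an added example (not code from the IOC Radar page or its feed), the following Python pulls the ATT&CK IDs out of a tag cloud in the form it arrives from the page, where the IDs are run together with no separators, and checks the tally against the "88 techniques" figure above. The tag text is copied from the page; the REVOKED table is an assumption, an analyst-maintained list seeded with two IDs that ATT&CK retired in favour of T1021 sub-techniques.

```python
import re

# Technique IDs copied verbatim from the page's category tag cloud, where
# extraction left them concatenated with no separators (neighbouring tags kept).
TAG_BLOB = (
    "system-recont-pott1005t1016t1016.001t1016.002t1018t1021t1021.001t1021.002"
    "t1021.003t1021.004t1021.005t1021.006t1040t1041t1046t1047t1053t1053.005"
    "t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1071"
    "t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087"
    "t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1119t1133t1187t1189"
    "t1190t1195t1199t1202t1203t1204t1204.002t1210t1486t1496t1499.001t1499.002"
    "t1499.003t1505.002t1505.004t1550t1555t1555.003t1555.004t1555.005t1563"
    "t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1583t1588t1588.006"
    "t1590t1592t1593t1595t1595.001t1595.002t1595.003t1598tannertanner activity"
)

# Assumption: an analyst-maintained map of retired ATT&CK IDs to their
# replacements, seeded with two IDs that were folded into T1021 sub-techniques.
REVOKED = {"T1076": "T1021.001", "T1077": "T1021.002"}

# Four-digit technique number with an optional three-digit sub-technique suffix.
# No word boundary is used on purpose: in the blob every ID abuts the previous one.
ATTACK_ID = re.compile(r"[tT](\d{4})(?:\.(\d{3}))?")


def extract_ids(blob):
    """Return the sorted, de-duplicated ATT&CK IDs found in a concatenated tag string."""
    found = set()
    for m in ATTACK_ID.finditer(blob):
        tid = "T" + m.group(1)
        if m.group(2):
            tid += "." + m.group(2)
        found.add(tid)
    return sorted(found)


def techniques(ids):
    """Top-level technique IDs only."""
    return [i for i in ids if "." not in i]


def subtechniques(ids):
    """Sub-technique IDs only (those with a .NNN suffix)."""
    return [i for i in ids if "." in i]


def families(ids):
    """Parent technique of every ID, so sub-techniques collapse onto their technique."""
    return sorted({i.split(".")[0] for i in ids})


def orphan_families(ids):
    """Parents implied by a tagged sub-technique but not tagged themselves."""
    return sorted(set(families(ids)) - set(techniques(ids)))


def retired(ids):
    """IDs that ATT&CK has revoked, with the replacement an analyst should map to."""
    return {i: REVOKED[i] for i in ids if i in REVOKED}


def summarize(blob):
    """Tally the blob the way a reviewer would check the page's '88 techniques' claim."""
    ids = extract_ids(blob)
    return {
        "total": len(ids),
        "techniques": len(techniques(ids)),
        "subtechniques": len(subtechniques(ids)),
        "families": len(families(ids)),
        "orphan_families": orphan_families(ids),
        "retired": retired(ids),
    }


if __name__ == "__main__":
    print(summarize(TAG_BLOB))
```

The tally comes out at 88 IDs, 48 techniques plus 40 sub-techniques across 50 technique families; two families (T1499, T1505) appear only through sub-techniques, and two tagged IDs (T1076, T1077) are retired, which is the kind of drift an aggregated tag feed accumulates and a mapping pipeline should normalise before it counts.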

Activity Timeline: 1 total observation (Jun 8 to Jun 8).

Threat Activity Heatmap (weekly cells, Jun 2025 to Jun 2026): peak 2026-06-08.

Recent activity windows: 24h 0 (Dormant); 7d 0 (Dormant); 30d 1 (Minimal); 3mo 1 (Minimal).

The timeline and heatmap carry a single dated observation even though the feed counts 25 reports; the source reports are not individually dated on this page, so the Dormant/Minimal labels reflect that one observation and not the volume behind the report count.
Threat Score: Medium Risk (64)
Signal: 64 · Confidence: 64% · Reports: 25
First seen: Mar 14, 2025 · Last seen: Jun 8, 2026
Geolocation: US · Country: United States · Location: Clifton, NJ
ASN: AS14061 · Org: DigitalOcean, LLC
Coords: 40.8364, -74.1403
Category: Proxy

VirusTotal: Not checked

WHOIS

Description: Unknown source type: h0neytr4p

Raw:
NetRange: 104.236.0.0 - 104.236.255.255
CIDR: 104.236.0.0/16
NetName: DIGITALOCEAN-104-236-0-0
NetHandle: NET-104-236-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2014-10-28
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/104.236.0.0

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 105 Edgeview Drive, Suite 425
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 2012-05-14
Updated: 2025-04-11
Ref: https://rdap.arin.net/registry/entity/DO-13

OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-646-827-4366
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN

OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-646-827-4366
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

References: https://github.com/telekom-security/tpotce
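As an added example (not the page's own code), the following Python parses an ARIN-style WHOIS record like the one above, confirms that the indicator actually falls inside the allocated range, checks that NetRange and CIDR agree, follows the Organization handle to the matching organisation block, and pulls out the abuse-reporting path. The sample record is constructed from the page's WHOIS fields, one per line as ARIN prints them; the contact e-mail fields are left out because the page redacts them, so the abuse contact is returned as a handle plus its RDAP reference.

```python
import ipaddress

# Constructed sample: the network and organisation blocks of the page's ARIN
# record, one field per line. E-mail fields omitted (redacted on the page).
WHOIS_SAMPLE = """\
NetRange:       104.236.0.0 - 104.236.255.255
CIDR:           104.236.0.0/16
NetName:        DIGITALOCEAN-104-236-0-0
NetHandle:      NET-104-236-0-0-1
Parent:         NET104 (NET-104-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   DigitalOcean, LLC (DO-13)
RegDate:        2014-10-28
Updated:        2020-04-03
Comment:        Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment:        Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref:            https://rdap.arin.net/registry/ip/104.236.0.0

OrgName:        DigitalOcean, LLC
OrgId:          DO-13
Country:        US
Updated:        2025-04-11
Ref:            https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName:   DigitalOcean Abuse
OrgAbuseRef:    https://rdap.arin.net/registry/entity/DIGIT19-ARIN
"""


def parse_whois(text):
    """Split ARIN-style output into blank-line separated blocks of key -> [values].

    Values are lists because keys such as Comment repeat; the split is on the
    first colon only so URLs in values survive intact. Empty values are kept
    (OriginAS: and the blank Comment: above) so their absence is visible.
    """
    blocks, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                blocks.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        blocks.append(current)
    return blocks


def net_block(blocks):
    """The block describing the allocation (the one carrying NetRange)."""
    for b in blocks:
        if "NetRange" in b:
            return b
    raise ValueError("no network block in WHOIS output")


def range_from_block(block):
    lo, _, hi = block["NetRange"][0].partition("-")
    return ipaddress.ip_address(lo.strip()), ipaddress.ip_address(hi.strip())


def covers(block, ip):
    """True only if ip is inside the NetRange, inside the CIDR list, and the two agree.

    ARIN prints several comma-separated CIDRs when a range is not prefix-aligned,
    so every prefix is checked and their union must span exactly the NetRange.
    """
    addr = ipaddress.ip_address(ip)
    lo, hi = range_from_block(block)
    nets = [ipaddress.ip_network(c.strip()) for c in block["CIDR"][0].split(",")]
    consistent = (min(n.network_address for n in nets) == lo
                  and max(n.broadcast_address for n in nets) == hi)
    return consistent and lo <= addr <= hi and any(addr in n for n in nets)


def linked_org(blocks):
    """Organisation block whose OrgId matches the handle in the network's Organization field."""
    handle = net_block(blocks)["Organization"][0].rsplit("(", 1)[1].rstrip(")")
    for b in blocks:
        if b.get("OrgId", [None])[0] == handle:
            return b
    return None


def abuse_contact(blocks):
    """Abuse handle and RDAP reference, which is what an abuse report is filed against."""
    for b in blocks:
        if "OrgAbuseHandle" in b:
            return {"handle": b["OrgAbuseHandle"][0], "ref": b["OrgAbuseRef"][0]}
    return None


def abuse_url(block):
    """Abuse-reporting URL, if the allocation's Comment lines advertise one."""
    for c in block.get("Comment", []):
        if "abuse" in c.lower() and "http" in c:
            return c[c.index("http"):]
    return None


if __name__ == "__main__":
    blocks = parse_whois(WHOIS_SAMPLE)
    print("covers 104.236.209.11:", covers(net_block(blocks), "104.236.209.11"))
    print("org:", linked_org(blocks)["OrgName"][0], "abuse:", abuse_contact(blocks))
    print("report at:", abuse_url(net_block(blocks)))
```

The range check matters because a WHOIS lookup is keyed by whatever address the page passed in; verifying that 104.236.209.11 really sits in 104.236.0.0/16, and that the CIDR and NetRange describe the same block, catches a stale or mis-keyed record before anyone files an abuse report against the wrong operator.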

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
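As an added example (not the site's export code, whose object layout is not shown on the page), the following Python builds the kind of STIX 2.1 bundle a consumer would expect for this indicator: an ipv4-addr observable with a deterministic id, an indicator whose pattern matches the address, a based-on relationship to the observable, and an indicates relationship to an ATT&CK attack-pattern. The values (address, first-seen date, 64% confidence, a few tags, T1110 Brute Force as the one technique shown) are taken from the page; the object ids are generated here, and last-seen is deliberately not written as valid_until because a last sighting is not an expiry.

```python
import json
import uuid
from datetime import datetime, timezone

# OASIS-defined namespace for deterministic STIX 2.1 SCO identifiers.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def stix_ts(dt):
    """STIX timestamp: UTC, millisecond precision, trailing Z."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def ipv4_sco(ip):
    """ipv4-addr SCO; id is UUIDv5 over the JSON of its id-contributing property, so
    two producers emitting the same address get the same id and consumers can dedupe."""
    contributing = json.dumps({"value": ip}, separators=(",", ":"), sort_keys=True)
    return {"type": "ipv4-addr", "spec_version": "2.1",
            "id": f"ipv4-addr--{uuid.uuid5(SCO_NAMESPACE, contributing)}",
            "value": ip}


def attack_pattern(external_id, name, now):
    """Attack-pattern SDO carrying the ATT&CK id as an external reference."""
    return {"type": "attack-pattern", "spec_version": "2.1",
            "id": f"attack-pattern--{uuid.uuid4()}",
            "created": now, "modified": now, "name": name,
            "external_references": [{"source_name": "mitre-attack",
                                     "external_id": external_id}]}


def indicator(ip, first_seen, confidence, labels, now):
    """Indicator SDO; pattern_type and valid_from are mandatory in STIX 2.1."""
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence must be 0..100")
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid4()}",
            "created": now, "modified": now,
            "name": f"Reported IPv4 {ip}",
            "indicator_types": ["malicious-activity"],
            "pattern": f"[ipv4-addr:value = '{ip}']",
            "pattern_type": "stix",
            "valid_from": stix_ts(first_seen),
            "confidence": int(confidence),
            "labels": list(labels)}


def relationship(source, rel_type, target, now):
    return {"type": "relationship", "spec_version": "2.1",
            "id": f"relationship--{uuid.uuid4()}",
            "created": now, "modified": now,
            "relationship_type": rel_type,
            "source_ref": source["id"], "target_ref": target["id"]}


def build_bundle(ip, first_seen, confidence, labels, techniques, now=None):
    """Bundle: indicator, its observable, and one attack-pattern per (id, name) pair."""
    now = stix_ts(now or datetime.now(timezone.utc))
    sco = ipv4_sco(ip)
    ind = indicator(ip, first_seen, confidence, labels, now)
    objects = [ind, sco, relationship(ind, "based-on", sco, now)]
    for ext_id, name in techniques:
        ap = attack_pattern(ext_id, name, now)
        objects += [ap, relationship(ind, "indicates", ap, now)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def dangling_refs(bundle):
    """Relationship ids whose source or target is not in the bundle (should be empty)."""
    ids = {o["id"] for o in bundle["objects"]}
    return [o["id"] for o in bundle["objects"]
            if o["type"] == "relationship"
            and (o["source_ref"] not in ids or o["target_ref"] not in ids)]


def to_json(bundle):
    return json.dumps(bundle, indent=2)


def sample_bundle():
    """The page's indicator: first seen 2025-03-14, 64% confidence, a few of its tags."""
    return build_bundle("104.236.209.11",
                        datetime(2025, 3, 14, tzinfo=timezone.utc), 64,
                        ["proxy", "brute force", "cowrie honeypot"],
                        [("T1110", "Brute Force")])


if __name__ == "__main__":
    print(to_json(sample_bundle()))
```

A consumer that recomputes the ipv4-addr id the same way can merge this bundle with any other producer's sighting of the same address, while the attack-pattern and indicator ids stay per-producer; the dangling_refs check is the minimum a pipeline should run before it trusts the relationships in a received bundle.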

IOC Journey: medium · first detected 1 year ago · last seen 16 days ago · appeared in 25 threat reports