IPMediumSignal 55/100
138.197.16.14
Location
United StatesClifton, NJ
ASN
AS14061
Digital Ocean
First Seen
Mar 19, 2024
Last Seen
Jun 6, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionClifton, NJ
ASNAS14061
OrganizationDigital Ocean
IP Category
⟲
Proxy
Proxy server
⊕
VPN
VPN exit node
Feed Intelligence Summary
22 reports55% confidence
22
Source reports
55%
Confidence score
Category tags
abuseaccess controlaccess toolaccount compromiseaccount takeover attemptsackactive reconnaissanceactive scanactive scanningadbadbhoney honeypotanomalous network connectionsapacheapache attackerapplication layer protocolapplication protectionaptasaasiaattackattack attemptattack sourceattack surface discoveryattacker ipattacker-ipattacker_ipaustraliaauthentication attacksauthentication attemptsautomated activityautomated attackautomated attack attemptsautomated enumerationautomated reconnaissance activityautomated threatautomated-attackbad reputationbad web botbankingbianlianblacklist candidateblacklist ipblacklisted ip addressblock listblock.txtblocklist_allblog spambotnetbotnet activitybotsbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcebruteforcec2c2 communicationcanadachina mobilecisco asacisco deviceclosecloud environmentcloud infrastructurecloud infrastructure attackcloud providercloud servicescode executioncode-injectioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcompany limitedcompromised hostcompromised systemsconnect scanconpot honeypotcontainer securitycowriecowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential access attemptcredential attackcredential brute-forcingcredential compromisecredential guessingcredential harvestingcredential stuffingcredential-abusecredential-accesscredential-bruteforcingcredential_attackcredentialaccesscredit card servicescurlcvecvescyberattackdaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata harvesting attemptsdata loaderdata store exposuredatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcddosddos attackddos attacksddos preparationddos probeddospotdecoy systemdelving intodenial of servicedenial-of-servicedenial-of-service attemptdevice managementdictionary_attackdigital oceandigitalocean environmentdionaeadionaea activitydionaea attacksdionaea honeypotdionaea interactionsdionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockerdropperdropper activityelasticpot honeypotelasticsearchelasticsearch monitoringencryptionenterprise networkingenumerationeu cyber policieseuropeexecutable fileexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal attackersexternal ipexternal threatexternal-scanningexternal-threatexternal_threatextortionf5 labsfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefin scanfinancefinancial servicesfinancial technologyfinlandfirewall eventfranceftpftp attackftp attacksftp brute forceftp scangalahgeckogermanygluttongopotgtighackinghellohellpothk abusehandlerhoneynet connecthoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scanhttp scannerhttp scanninghttpshurricane usicmpics securityidentity & access exploitationimapindicators of compromiseindustrial control systemsinformation gatheringinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetingingress tool transferinitial accessinitial access vectorinitial_access_attemptinjection activityinjection attacksintel macinternet facing assetinternet facing systemsinternet of thingsinternet scaninternet wide scaninternet-facinginternet-facing assetsinternet-wide monitoringinternet-wide scaninternet_scannersintointrusion detectioniocioc.ipiocsiot botnetiot securityiot targetediot/ics attackip-addressesipp honeyipphoney honeypotipv4ipv4 addressesipv4 port scanningipv4 scanningipv4 threatsipv4 trafficipv4-iocipv4_addressit supportjapankhtmlkibanalateral movementlinux x8664log4potlogin attacklogin attemptlogin attemptslogin failurelogin_attemptloginattacklondonmacosmailoney activitymailoney attacksmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious file transfermalicious ip activitymalicious ip addressesmalicious ip listmalicious ipsmalicious ipv4malicious network activitymalicious scanmalicious softwaremalicious trafficmalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware droppermalware propagationmass scanningmedpotmelbourne regionmicrosoft 365mirai botnetmobilemobile securitymonitoringmonthlymssqlnation-state activitynetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork-reconnaissancenetwork_activitynetwork_probingnetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnorth americanull scanoceaniaoktaopenopenctiopportunistic attackopportunistic attackeropportunistic-attackos fingerprintingos xoutlookp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturesparisparquet avropassword attackpassword attackspassword sprayingpassword_attackpayment processingpgp signphishingphishing attackphishing trappolandport-scanningportalportscanpossible botnet activitypossible exploit attemptspossible malware distributionpotential botnetpotential intrusionpotential threat actorpotential vulnerability probingpotential_compromiseprivilege escalationprocess injectionprotocol exploitationproxyproxy accessproxy protocolpublic ip addressransomexxransomwareratsrcerdp attacksrdp scanrdp scanningreconnaissancereconnaissance activityredis honeypotregional securityremote accessremote access attackremote access toolremote code executionremote servicesresearchresearchedresource hijackingscanscannerscanner activityscanner detectionscanner ipscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor intelsensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice discoveryservice enumerationservice probingservice scanservice_enumerationsftp activitysftp attackshell accessshell access attemptsip attackssip brute forcesip scanningsippsmb brute forcesmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scansmtp scanningsnaresocial engineeringsocradar honeypotsoftware exploitationspamsparkratsparkrat remotesql injectionsql injection attemptsql-injectionsshssh attackssh attacksssh monitoringssh scanssh-brutesuricata alertsuricata alertssynsyn scansystem accesssystem disruptiont-pott1003t1005t1016t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1064t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087t1087.001t1087.002t1105t1110t1110.001t1110.002t1110.003t1110.004t1114t1133t1187t1189t1190t1192t1195t1203t1204t1204.002t1219t1486t1490t1496t1497t1499.001t1499.002t1499.003t1505t1505.002t1547t1550t1550.002t1550.003t1555t1555.003t1562t1563t1565t1566t1566.001t1566.002t1566.003t1572t1583t1588t1588.002t1588.006t1589t1590t1590.001t1590.002t1590.003t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploitstanner interactionstargeting databasetcp protocoltcp scantcp scanningtcp-scanningtelecommunicationstelnet attackstelnet scantelnet scanningtelnet threatthreat actorthreat actor activitythreat actor: unknownthreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencethreat_intelligencethreatstimeouttokyotoolstop10.txttopips.txttor nodetorontotpottrojan malwareubuntuudp port scanudp scanudp-scanningunattributed activityunauthorized accessunauthorized access attemptunauthorized activityunauthorized login attemptunc6040united kingdomunited statesunknown actorunknown threat actorunusual network trafficusus abuseus nonevnc protocolvoice phishingvoidtrapvoipvoip attackvpnvpn ipvulnerability scanvultrvultr cloud infrastructurevultr infrastructure targetedvultr-platformvultr_platform_activitywealth managementweb app attackweb application attackweb application attacksweb application scanweb attackweb brute forceweb crawling detectionweb exploitationweb exploitsweb login attemptweb scannerweb shellweb shell attemptweb shell detectionweb shell uploadweb spamweb trafficweb-application-attackwgetwindows ntwordpotxmas scan
Activity Timeline
Jun 6Jun 6
Threat Activity Heatmap
· Peak: 2026-06-06LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
55
SIGNAL
Signal Score
55%
Confidence
22
Reports
First seenMar 19, 2024
Last seenJun 6, 2026
GeolocationUS
CountryUnited States
LocationClifton, NJ
ASNAS14061
OrgDigital Ocean
Coords40.8364, -74.1403
ProxyVPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- NetRange: 138.197.0.0 - 138.197.255.255 CIDR: 138.197.0.0/16 NetName: DIGITALOCEAN-138-197-0-0 NetHandle: NET-138-197-0-0-1 Parent: NET138 (NET-138-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2016-01-26 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/138.197.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
- references
- https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://www.f5.com/labs/articles/threat-intelligence/delving-into-the-sparkrat-remote-access-tool, https://chiraba.com:8443/hourly, https://github.com/telekom-security/tpotce
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 6 days ago
Appeared in 22 threat reports