IOC Radar
IPMediumSignal 22/100

138.197.168.123

Location
CanadaCanada
Toronto, Ontario
ASN
AS14061
DigitalOcean, LLC
First Seen
Feb 11, 2025
Last Seen
Apr 20, 2026
Feb 11
First Seen
490d ago
Apr 20
Last Seen
57d ago
9
Reports
source reports
22%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
22%
Signal Score
22 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

34 techniques

Network Information

CountryCACanada
RegionToronto, Ontario
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

9 reports22% confidence
9
Source reports
22%
Confidence score
Category tags
abuseaccessactive scanactive scanningadbhoney honeypotaptattackaustraliabad reputationbotnetbotnet activitybrute forcebrute force attemptscacanadacommand and controlcommand injectioncommunication protocolcowriecowrie honeypotcredential accesscredential attackcredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase securitydecoy systemdionaeadionaea honeypotdistributed attacksdnsdns attackelasticpot honeypotelasticsearch monitoringemailencryptionexploitexploitation activityexploitation attemptfattftpftp brute forcegithubgroupshoneytrap honeypothttp scanneridentity & access exploitationinitial accessinjection activityinternet-facingiot securitylamplamp exploitation attemptslamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware hostingnetworknetwork intrusion attemptsnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynorth americaoceaniap0fphishingphishing attackphishing trapprocess injectionprotocol exploitationproxypythonreconnaissanceresearchedresource hijackingscanning activityscriptsensor-taggedsentrypeer botnetsftpsftp attacksipsip enumerationsip vulnerability scanningslugsmtpsocial engineeringspamsshssh attackssh monitoringsurface webt1021.002t1040t1041t1046t1053.005t1055t1059t1059.001t1059.004t1068t1071t1071.001t1077t1078t1110t1110.002t1133t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotvoipvoip attackvulnerability scanweb traffic

Activity Timeline

1 total obs
Apr 20Apr 20

Threat Activity Heatmap

· Peak: 2026-04-20
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
22
SIGNAL
Signal Score
22%
Confidence
9
Reports
First seenFeb 11, 2025
Last seenApr 20, 2026
GeolocationCA
CountryCanada
LocationToronto, Ontario
ASNAS14061
OrgDigitalOcean, LLC
Coords43.6547, -79.3623

VirusTotal

Not checked

WHOIS

description
2025-02-15T06:48:48.028Z Honeypot : ElasticPot : Source: 138.197.168.123 : Port: 9200 Event Type: Scan
raw
NetRange: 138.197.0.0 - 138.197.255.255 CIDR: 138.197.0.0/16 NetName: DIGITALOCEAN-138-197-0-0 NetHandle: NET-138-197-0-0-1 Parent: NET138 (NET-138-0-0-0-0) NetType: Direct Allocation OriginAS: AS14061 Organization: DigitalOcean, LLC (DO-13) RegDate: 2016-01-26 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/138.197.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 101 Ave of the Americas Address: FL2 City: New York StateProv: NY PostalCode: 10013 Country: US RegDate: 2012-05-14 Updated: 2023-10-23 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-347-875-6044 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-347-875-6044 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: ABUSE5232-ARIN OrgAbuseName: Abuse, DigitalOcean OrgAbusePhone: +1-347-875-6044 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 9 threat reports