IPMediumSignal 37/100
138.199.43.87
Location
United StatesSeattle, Washington
ASN
AS212238
Cdnext SEA
First Seen
Oct 21, 2023
Last Seen
May 31, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
37%
Signal Score
37 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionSeattle, Washington
ASNAS212238
OrganizationCdnext SEA
IP Category
⊕
VPN
VPN exit node
Feed Intelligence Summary
8 reports37% confidence
8
Source reports
37%
Confidence score
Category tags
accessaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningattackauthenticationautomated attackbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebruteforcecisco devicecommand and controlcredential accesscredential stuffingdata exfiltrationdata store exposureddosdenial of servicedevice managementdistributed attacksencryptionenterprise networkingexploitationexploitation activityfortiosgroupshackingidentity & access exploitationinformation technologyinitial accessinjection activityipv4it infrastructuremalicious activitymalicious softwaremalwaremobile threatnetworknetwork infrastructurenetwork securitynorth americapalo alto networkspassword attackpassword attacksprocess injectionproxyreconnaissanceremote accessremote servicesresearchedscannerscriptsecurity monitoringsecurity operationsslugsoftware developmentspamssl vpnsurface webt1021.001t1055t1059t1071.001t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1567t1595t1595.001t1595.002t1595.003threat actorthreat intelligencetor nodeunauthorized accessunited statesusvpnvpn ipweb application attackweb exploitation
Activity Timeline
May 31May 31
Threat Activity Heatmap
· Peak: 2026-05-31LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
37
SIGNAL
Signal Score
37%
Confidence
8
Reports
First seenOct 21, 2023
Last seenMay 31, 2026
GeolocationUS
CountryUnited States
LocationSeattle, Washington
ASNAS212238
OrgCdnext SEA
Coords47.6043, -122.3298
VPN
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 138.198.0.0 - 138.199.95.255 CIDR: 138.198.0.0/16, 138.199.64.0/19, 138.199.0.0/18 NetName: RIPE-ERX-138-198-0-0 NetHandle: NET-138-198-0-0-1 Parent: NET138 (NET-138-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2003-12-11 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/138.198.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
- references
- https://github.com/telekom-security/tpotce
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 13 days ago
Appeared in 8 threat reports