IOC Radar
IPMediumSignal 29/100

138.199.43.96

Location
United StatesUnited States
Seattle, WA
ASN
AS212238
Cdnext SEA
First Seen
Jul 16, 2024
Last Seen
Jun 5, 2026
Jul 16
First Seen
706d ago
Jun 5
Last Seen
16d ago
10
Reports
source reports
29%
Confidence
medium
1/91
VirusTotal
detections
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
29%
Signal Score
29 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryUSUnited States
RegionSeattle, WA
ASNAS212238
OrganizationCdnext SEA

IP Category

VPN
VPN exit node

Feed Intelligence Summary

10 reports29% confidence
10
Source reports
29%
Confidence score
Category tags
abuseaccessaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningalienvault_ransomwareattackauthenticationautomated attackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebruteforcecommand and controlcredential accesscredential brute forcingcredential stuffingdarkforumsdata exfiltrationdata store exposureddosdecoy systemdenial of servicedistributed attacksencryptionenumerationexploitexploitation activityfortiosftp brute forcegroupshackinghttp brute forceidentity & access exploitationinformation technologyinjection activityipv4it infrastructurelogin attacksmalicious activitymalicious softwaremalwaremobile threatnetworknetwork intrusionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynorth americapassword attackpassword attackspotential threat actorprocess injectionproxyransomwarereconnaissanceremote accessremote servicesresearchedscannerscriptsecurity operationsslugsoftware developmentspamssh attackssl vpnsurface websyn scant1016t1021t1021.001t1046t1055t1059t1068t1071.001t1076t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1210t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1563t1565t1567t1588t1592t1595t1595.001t1595.002t1595.003tcp scanthreat actorthreat intelligencetor nodetpottsecudp scanunauthorized accessunauthorized loginunited statesusvpnvpn ipvulnerability scanvulnerability-exploitationweb application attackweb exploitation

Activity Timeline

1 total obs
Jun 5Jun 5

Threat Activity Heatmap

· Peak: 2026-06-05
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
29
SIGNAL
Signal Score
29%
Confidence
10
Reports
First seenJul 16, 2024
Last seenJun 5, 2026
GeolocationUS
CountryUnited States
LocationSeattle, WA
ASNAS212238
OrgCdnext SEA
Coords47.6034, -122.3414
VPN

VirusTotal

1/ 91vendors flagged
1% detection rateJun 7, 2026

WHOIS

description
Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 138.199.43.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low).
raw
NetRange: 138.198.0.0 - 138.199.95.255 CIDR: 138.199.64.0/19, 138.199.0.0/18, 138.198.0.0/16 NetName: RIPE-ERX-138-198-0-0 NetHandle: NET-138-198-0-0-1 Parent: NET138 (NET-138-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2003-12-11 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/138.198.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 16 days ago
Appeared in 10 threat reports