IOC Radar
IPMediumSignal 72/100

138.68.59.254

Location
United StatesUnited States
Santa Clara, CA
ASN
AS14061
DigitalOcean, LLC
First Seen
Feb 22, 2025
Last Seen
Apr 7, 2026
Feb 22
First Seen
490d ago
Apr 7
Last Seen
81d ago
8
Reports
source reports
72%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryUSUnited States
RegionSanta Clara, CA
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

8 reports72% confidence
8
Source reports
72%
Confidence score
Category tags
abuseaccessactive scanactive scanningadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attemptscloud computingcloud infrastructurecloud migrationcloud securitycloud storagecommand and controlcommunication protocolcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securitydecoy systemdionaeadionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemailexploitation activityftp brute forcegithubgroupshoneytrap honeypotidentity & access exploitationindicatorinitial accessinjection activityiot securitylamplamp exploitation attemptslamp stack targetingmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware hostingmulti-cloud managementnetworknetwork intrusion attemptsnetwork scanningnetwork securitynorth americaphishingphishing attackphishing trapprocess injectionpythonreconnaissanceresearchedresource hijackingscannerscanning activityscriptsentrypeer botnetsftpsftp attacksipsip enumerationsip vulnerability scanningslugsocial engineeringsshssh attackssh monitoringsurface webt1021.002t1040t1041t1046t1053.005t1055t1059t1059.001t1059.004t1068t1071.001t1078t1110t1110.002t1133t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeunited statesusvoipvoip attackvulnerability scan

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
72
SIGNAL
Signal Score
72%
Confidence
8
Reports
First seenFeb 22, 2025
Last seenApr 7, 2026
GeolocationUS
CountryUnited States
LocationSanta Clara, CA
ASNAS14061
OrgDigitalOcean, LLC
Coords37.3417, -121.9753

VirusTotal

Not checked

WHOIS

description
2025-02-22T00:49:50.843Z Honeypot : ElasticPot : Source: 138.68.59.254 : Port: 9200 Event Type: Scan
raw
NetRange: 138.68.0.0 - 138.68.255.255 CIDR: 138.68.0.0/16 NetName: DIGITALOCEAN-138-68-0-0 NetHandle: NET-138-68-0-0-1 Parent: NET138 (NET-138-0-0-0-0) NetType: Direct Allocation OriginAS: AS14061 Organization: DigitalOcean, LLC (DO-13) RegDate: 2016-01-26 Updated: 2025-03-01 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/138.68.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 8 threat reports