IOC Radar
IPMediumSignal 41/100

138.68.67.34

Location
GermanyGermany
Frankfurt am Main, HE
ASN
AS14061
DigitalOcean, LLC
First Seen
Jul 1, 2025
Last Seen
Apr 9, 2026
Jul 1
First Seen
345d ago
Apr 9
Last Seen
63d ago
15
Reports
source reports
41%
Confidence
medium
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, HE
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

15 reports41% confidence
15
Source reports
41%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney activityadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute_forcecisco attackcisco devicecisco device attackcisco device targetingcisco exploit attemptscisco exploitation attemptcisco_exploitcommand and controlcommunication protocolconpot activityconpot honeypotcowrie activitycowrie honeypotcowrie_attackcredential accesscredential brute-forcingcredential stuffingcredential_accessdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase scandatabase securityddosdecoy systemdenial of servicedevice managementdionaea activitydionaea capturedionaea honeypotdistributed attackselasticpot activityelasticpot honeypotelasticsearch monitoringencryptionenterprise networkingenumerationeuropeexploit attemptsexploit probingexploitationexploitation activityftpftp brute forcegermanyheralding behaviorhoneytrap activityhoneytrap honeypothttp scanninghttps scanningics securityidentity & access exploitationindicatorindustrial control systemsinitial_accessinjection activityiot device targetingiot securityiot/ics attackipphoney activityipphoney honeypotlamplamp attacklamp exploit attemptlamp exploit attemptslamp stack attacklamp stack targetinglamp_exploitlateral movementlinux malware probelinux system targetingmalicious activitymalicious network activitymalicious payload detectionmalicious softwaremalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningodin-benignpassword attackspassword sprayingpossible botnet activitypotential compromisepotential malware uploadprocess injectionprotocol abuseprotocol exploitationransomwarereconnaissanceredis honeypotredishoneypot activityremote accessremote servicesresearchedresource developmentresource hijackingscannerscripting attackssentrypeer activitysentrypeer botnetsentrypeer detectionservice scansftp access attemptsftp activitysftp attacksftp intrusion attemptssftp_attacksip brute forcesip scanningsip_attacksocradar honeypotssh attackssh monitoringssh_bruteforcet1021t1021.002t1021.004t1040t1041t1046t1053t1055t1059t1059.007t1068t1071.001t1077t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1204t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1589t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotceunauthorized accessverified-benignvoipvoip attackweb application attackweb application scanweb attackweb exploitationwindows system targeting

Activity Timeline

1 total obs
Apr 9Apr 9

Threat Activity Heatmap

· Peak: 2026-04-09
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
41
SIGNAL
Signal Score
41%
Confidence
15
Reports
First seenJul 1, 2025
Last seenApr 9, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, HE
ASNAS14061
OrgDigitalOcean, LLC
Coords50.1188, 8.6843

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw
inetnum: 138.67.0.0 - 138.80.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2022-09-26T13:20:58Z last-modified: 2022-09-26T13:20:58Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 2 months ago
Appeared in 15 threat reports