IOC Radar
IPMediumSignal 50/100

209.38.234.247

Location
GermanyGermany
Frankfurt am Main, Hesse
ASN
AS14061
Digital Ocean
First Seen
Feb 12, 2025
Last Seen
May 19, 2026
Feb 12
First Seen
501d ago
May 19
Last Seen
40d ago
14
Reports
source reports
50%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hesse
ASNAS14061
OrganizationDigital Ocean

IP Category

VPN
VPN exit node

Feed Intelligence Summary

14 reports50% confidence
14
Source reports
50%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney exploitsadbhoney honeypotapacheapache attackerattackaustraliabad reputationbad web botblacklisted ipblog spambotnetbotnet activitybotnet communicationbrute forcebrute force attackbrute force attacksciscocisco asa targetedcisco devicecommand and controlcommunication protocolcompromised credentialscowriecowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase probingdatabase securityddosdedecoy systemdenial of servicedevice managementdionaeadionaea honeypotdionaea malware collectionelasticpot honeypotelasticsearch monitoringemailenterprise networkingeuropeexploitexploit attemptsexploitation activityexploitation attemptsexploited hostfattftp brute forcegermanyhackinghoneytrap honeypothttp brute forceidentity & access exploitationindicatorintrusion detectioniociot securityipv4lamplamp stack targetinglateral movementlogin attemptsmailoney honeypotmalicious activitymalwaremalware behaviourmalware capturemalware distributionmonthlynetworknetwork infrastructurenetwork intrusion attemptsnetwork reconnaissancenetwork scanningnetwork securitynorth americaoceaniaopenctip0fpassword attacksphishingphishing attackphishing trappossible credential stuffingpotential lateral movementpotential malicious activityprotocol exploitationreconnaissanceredis honeypotredishoneypotremote service exploitationremote servicesresearchedresource hijackingscannerscripting attackssensor-taggedsentrypeer botnetsftpsftp access attemptsftp attacksftp attackssftp probingsipsip attackssip scansip scanningsmtp brute forcesmtp probingsocial engineeringspamsshssh attackssh monitoringt1021t1021.001t1040t1041t1059t1059.004t1059.007t1071t1071.001t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1496t1499.001t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotunauthorized access attemptsunited statesvoipvoip attackvpnvpn ipweb application attackweb application scanweb attackweb exploitationweb spam

Activity Timeline

1 total obs
May 19May 19

Threat Activity Heatmap

· Peak: 2026-05-19
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
14
Reports
First seenFeb 12, 2025
Last seenMay 19, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hesse
ASNAS14061
OrgDigital Ocean
Coords37.7510, -97.8220
VPN

VirusTotal

Not checked

WHOIS

raw
NetRange: 209.38.0.0 - 209.38.255.255 CIDR: 209.38.0.0/16 NetName: DO-13 NetHandle: NET-209-38-0-0-1 Parent: NET209 (NET-209-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2021-10-01 Updated: 2024-05-07 Ref: https://rdap.arin.net/registry/ip/209.38.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 14 threat reports