IOC Radar
IP · Medium · Signal 56/100

209.38.94.209

Location: Australia (Sydney, New South Wales)
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Dec 30, 2024 (533d ago)
Last Seen: Mar 29, 2026 (79d ago)
Reports: 21 source reports
Confidence: 56% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 56%
Signal Score: 56 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

Country: AU (Australia)
Region: Sydney, New South Wales
ASN: AS14061
Organization: DigitalOcean, LLC

Feed Intelligence Summary

Source reports: 21
Confidence score: 56%
Category tags:
abuse, access control, account compromise, account discovery, account profiling, account takeover, active scan, active scanning, apt, asia, attack, australia, authentication, authentication attack, auto-generated security, bad reputation, blacklisted ip, blocklist_all, botnet, botnet activity, botnet communication, brute force, brute force attack, brute force attempt, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, communication protocol, cowrie honeypot, credential access, credential stuffing, cta, data exfiltration, data store exposure, database attack, ddos, decoy system, denial of service, digital ocean, digitalocean ip, dionaea honeypot, distributed attacks, europe, exploit, exploitation activity, exploited host, failed login attempts, fatt, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanning, identity & access exploitation, indicator, injection activity, intrusion detection, ioc, japan, lamp, lamp stack attack, lateral movement, login attack, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, malware distribution, network, network activity, network attacks, network enumeration, network intrusion, network intrusion attempts, network protocol, network reconnaissance, network scanning, network security, north america, oceania, p0f, password attack, password attacks, phishing, phishing attack, phishing trap, possible mirai variant, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, resource hijacking, scanner, scanner ip, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, service enumeration, service scan, sftp activity, sftp attack, smtp brute force, ssh attack, ssh monitoring, syn, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.007, t1071, t1071.001, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1563, t1565, t1567, t1588.004, t1589, t1589.002, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scanning, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, unauthorized access attempt, united kingdom, united states, us, voip attack, web attack, web exploitation

Activity Timeline

1 total obs (Mar 29)

Threat Activity Heatmap

Peak: 2026-03-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk (signal 56)
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description: Host bruteforcing SSH

raw:
    inetnum: 209.0.0.0 - 209.255.255.255
    netname: ARIN-CIDR-BLOCK
    descr: Not allocated by APNIC
    remarks: ------------------------------------------------------
    remarks:
    remarks: Important:
    remarks:
    remarks: Details of networks in this range are not registered
    remarks: in the APNIC Whois Database.
    remarks:
    remarks: Please search the ARIN Whois, which contains
    remarks: details of IP addresses allocated in North America,
    remarks: parts of the Caribbean, and sub-equatorial Africa:
    remarks:
    remarks: website: https://ws.arin.net/whois
    remarks: command line: whois.arin.net
    remarks:
    remarks: ------------------------------------------------------
    country: AU
    admin-c: IANA1-AP
    tech-c: IANA1-AP
    mnt-by: MAINT-APNIC-AP
    mnt-lower: MAINT-APNIC-AP
    status: ALLOCATED PORTABLE
    last-modified: 2009-05-01T03:52:53Z
    source: APNIC

    role: Internet Assigned Numbers Authority
    address: see http://www.iana.org.
    admin-c: IANA1-AP
    tech-c: IANA1-AP
    nic-hdl: IANA1-AP
    remarks: For more information on IANA services
    remarks: go to IANA web site at http://www.iana.org.
    mnt-by: MAINT-APNIC-AP
    last-modified: 2018-06-22T22:34:30Z
    source: APNIC

references:
https://redpiranha.net
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 21 threat reports