138.68.161.99 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 138.68.161.99. It was generated either as a result of observed malicious activity or as an information-gathering exercise to help enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • MITRE ATT&CK IDs: T1498 - Network Denial of Service, T1499.002 - Service Exhaustion Flood, T1499 - Endpoint Denial of Service

  • Tags: cc.py, cyber security, DDoS, HEAD Floods, ioc, Killnet, malicious, Nextray, phishing, T1498, T1499

  • JARM: 27d27d27d00027d00042d43d00041df04c41293ba84f6efe3a613b22f983e6

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: coinbl_hosts

  • Country: United Kingdom
  • Network:
  • Noticed: 30 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: siqueirabot.hashrate.to infl.uk my.infl.uk pivx.seed2.fuzzbawls.pw

Open Ports Detected

1000 102 1022 1023 1024 104 110 113 1200 122 1234 1235 1311 1337 135 1400 1414 1433 1443 1515 1521 1604 1723 1741 1800 1801 1833 1911 1926 1935 2000 2002 2003 2006 2008 2012 2030 2031 2100 2107 211 2121 22 221 2211 222 2222 2223 2224 2232 225 23 2323 2332 234 24 2404 2443 26 2628 2701 3001 30303 3101 3102 3104 3106 3108 311 3110 3112 3113 3116 3118 3122 3128 3134 3135 3200 3310 3311 3400 3405 3407 3408 3409 3410 3523 3540 3541 4000 4021 4022 4103 4117 4118 427 4321 441 443 4433 4435 4437 45000 45006 4505 4506 4523 4840 4911 5000 5001 5005 5006 5007 5009 5010 502 5025 503 5120 5123 513 5140 515 522 5222 5227 5229 5232 5233 5237 5240 541 5433 5435 5439 5503 5601 5630 5801 5900 5901 5902 5915 6000 6002 6003 6008 6009 6011 6021 6134 636 6405 6505 6514 66 6603 6633 7001 7006 7007 7014 7016 7018 7022 7100 7218 7415 7434 7441 7535 79 7900 80 8000 8001 8002 8008 8009 8010 8011 8017 8020 8028 8031 8034 8080 8105 811 8112 8119 8122 8123 8125 8126 8139 8140 8141 8142 8200 8238 830 8318 832 8333 8334 8404 8405 8406 8407 8408 8409 8418 8420 8423 8425 8429 8433 8435 8440 8504 8526 8530 8536 8601 8630 8704 88 8800 8803 8805 8812 8814 8817 8818 8828 8829 8834 8840 8842 8900 8901 8902 8911 9000 9012 902 9020 9027 9028 9042 9100 9103 9104 9118 9126 9133 9139 9142 9200 9202 9306 9307 9333 9507 9529 9530 9532 9600 9606 9611 9633 9704 9711 9734 9810 9908 9909 9919 9922 9923 9930 9999

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2023-10-17 anonymous-proxy-ip-list-2023-07-18 anonymous-proxy-ip-list-2023-07-19 ****** anonymous-proxy-ip-list-2023-05-19 anonymous-proxy-ip-list-2023-05-27 anonymous-proxy-ip-list-2023-08-12 anonymous-proxy-ip-list-2023-07-10 anonymous-proxy-ip-list-2023-05-29 anonymous-proxy-ip-list-2023-09-15 anonymous-proxy-ip-list-2023-10-16 anonymous-proxy-ip-list-2023-05-20 anonymous-proxy-ip-list-2023-07-08 anonymous-proxy-ip-list-2023-07-09 anonymous-proxy-ip-list-2023-06-22 ****** anonymous-proxy-ip-list-2023-07-13 ****** anonymous-proxy-ip-list-2023-07-21
