IOC Radar
IP · Medium · Signal 78/100

164.92.106.15

Location: United States (Santa Clara, California)
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Oct 19, 2022 (1333d ago)
Last Seen: Jun 4, 2026 (9d ago)
Reports: 32 source reports
Confidence: 78% (medium)
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

67 techniques

Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS14061
Organization: DigitalOcean, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 32
Confidence score: 78%
Category tags

Activity Timeline

1 total obs, Jun 4 to Jun 4

Threat Activity Heatmap

Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 32
First seen: Oct 19, 2022
Last seen: Jun 4, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 37.3986, -121.9640
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw:
NetRange: 164.92.64.0 - 164.92.255.255
CIDR: 164.92.64.0/18, 164.92.128.0/17
NetName: DO-13
NetHandle: NET-164-92-64-0-1
Parent: NET164 (NET-164-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-05-04
Updated: 2020-05-04
Ref: https://rdap.arin.net/registry/ip/164.92.64.0

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 105 Edgeview Drive, Suite 425
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 2012-05-14
Updated: 2025-04-11
Ref: https://rdap.arin.net/registry/entity/DO-13

OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-646-827-4366
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN

OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-646-827-4366
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN


IOC Journey

medium
First detected 3 years ago · Last seen 9 days ago
Appeared in 32 threat reports