IOC Radar
IP · Medium · Signal 68/100

164.92.114.247

Location: United States (Santa Clara, California)
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Oct 20, 2022 (1333d ago)
Last Seen: Jun 6, 2026 (9d ago)
Reports: 29 source reports
Confidence: 68% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 68%
Signal Score: 68 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

66 techniques

Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS14061
Organization: DigitalOcean, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 29
Confidence score: 68%
Category tags

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
[Heatmap: activity by weekday, Jun through the following Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 68
Confidence: 68%
Reports: 29
First seen: Oct 20, 2022
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:
NetRange: 164.92.64.0 - 164.92.255.255
CIDR: 164.92.128.0/17, 164.92.64.0/18
NetName: DO-13
NetHandle: NET-164-92-64-0-1
Parent: NET164 (NET-164-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-05-04
Updated: 2020-05-04
Ref: https://rdap.arin.net/registry/ip/164.92.64.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 105 Edgeview Drive, Suite 425
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 2012-05-14
Updated: 2025-04-11
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-646-827-4366
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-646-827-4366
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

references:
https://www.virustotal.com/graph/gf2367acdb5034913b48bf08089707f4762a1a847506e4e8f9d7cf028f084d3fa
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
may_14_report-20240514085413-7941_0_Table_View_of_Connection_Events.csv
1704208102_214127.csv
https://jamesbrine.com.au/nmap-scanning-list-2023-05-26/
https://jamesbrine.com.au
https://jamesbrine.com.au/nmap-scanning-list-2023-05-24/

IOC Journey

medium
First detected 3 years ago · Last seen 9 days ago
Appeared in 29 threat reports