IOC Radar
IPMediumSignal 59/100

165.232.94.223

Location
NetherlandsNetherlands
Amsterdam, NH
ASN
AS14061
DigitalOcean, LLC
First Seen
Nov 11, 2025
Last Seen
May 5, 2026
Nov 11
First Seen
215d ago
May 5
Last Seen
40d ago
17
Reports
source reports
59%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, NH
ASNAS14061
OrganizationDigitalOcean, LLC

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

17 reports59% confidence
17
Source reports
59%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningadbhoney honeypotaptattackaustraliaauthentication abusebad reputationbad web botblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute-forcebruteforceciscocisco devicecloud computingcloud infrastructurecloud migrationcloud securitycloud storagecommand and controlcommunication protocolcompromised credentialscompromised hostcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase probingdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea honeypotelasticpot honeypotelasticsearch monitoringemailenterprise networkingeuropeexploitexploitation activityexploited hostfattftpftp brute forcehackinghoneytrap honeypothttp brute forcehttp scanneridentity & access exploitationindicatorinjection activityinjection attacksintrusion detectioniociot securitykill-chain exploitationkill-chain reconnaissancelamplateral movementlow-riskmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemulti-cloud managementnetherlandsnetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork scanningnetwork securitynloceaniaopen proxyopenctiosintp0fpassword attacksphishingphishing attackphishing trapping of deathpotential malicious activityprocess injectionprotocol exploitationproxyreconnaissanceredis honeypotredishoneypotremote accessresearchedresource hijackingscannerscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetsftpsftp attacksftp attackssipsip attackssip scansmtpsmtp brute forcesmtp probingsocial engineeringspamsshssh attackssh monitoringt1021t1040t1041t1055t1059t1059.003t1059.007t1071t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotvoipvoip attackvpnvpn ipweb application attackweb application scanweb attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
May 5May 5

Threat Activity Heatmap

· Peak: 2026-05-05
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
59
SIGNAL
Signal Score
59%
Confidence
17
Reports
First seenNov 11, 2025
Last seenMay 5, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, NH
ASNAS14061
OrgDigitalOcean, LLC
Coords52.3520, 4.9392
ProxyVPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 165.223.0.0 - 166.7.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2019-01-07T10:48:56Z last-modified: 2019-01-07T10:48:56Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 7 months ago · Last seen 1 month ago
Appeared in 17 threat reports