IOC Radar
IPMediumSignal 53/100

64.225.74.178

Location
NetherlandsNetherlands
Amsterdam, Noord-Holland
ASN
AS14061
DigitalOcean, LLC
First Seen
Mar 29, 2023
Last Seen
Jun 5, 2026
Mar 29
First Seen
1165d ago
Jun 5
Last Seen
yesterday
29
Reports
source reports
53%
Confidence
medium
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

64 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, Noord-Holland
ASNAS14061
OrganizationDigitalOcean, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

29 reports53% confidence
29
Source reports
53%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount compromiseactive reconnaissanceactive scanactive scanningactor listaptasiaattackattacker ipattacker-ipauthentication attackauthentication attacksauthentication attemptsauto-generated securityautomated attackautomated attacksautomated threatautomated-attackbad reputationbad web botbankingbeningbening scannerblacklisted ipblacklisted ip addressblock listbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force-ftpbrute-force-sshbrute-force-webbruteforcebulgariac2c2 communicationcanadacertchinachina mobilecloudcloud computingcloud environmentcloud infrastructurecloud infrastructure attackcloud migrationcloud securitycloud servicescloud storagecode executioncode injectioncode-injectioncogentcolumnscommand & controlcommand and controlcommand executioncommand-injectioncommunication protocolcompany limitedcompromised systemcompromised systemscowriecredential accesscredential attackcredential attackscredential brute forcecredential guessingcredential harvestingcredential stuffingcredentialaccesscredit card servicesctrlscyberattackdata encryptiondata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedigitaloceanasndirectory-bruteforcedistributed attackselephant flowencryptionenumerationeuropeexploit attemptexploit attemptsexploit public-facing applicationexploitation activityexploitation attemptsexploited hostexternal reconnaissanceexternal scanningexternal-scanningexternal_threatfederationfinancefinance and insurancefinancial servicesfinancial technologyfinlandfranceftpftp brute forceftp brute-forcegermanyhackinghigh volume traffichk abusehandlerhomehoneynet connecthong konghttp brute forcehttp probinghttp scannerhttp scanninghttpshydraidentity & access exploitationindiaindicatorinfrastructure acquisitionreconnaissanceinitial accessinitial access attemptinitial-accessinitiator ipinjection activityinjection attacksinternet facing assetinternet-facing assetsinternet-facing systemsinternet-wide scanintrusion blockintrusion detectioniociot securityiot targetedip-addressipv4ipv4 activityipv4 iocipv4 scanningjapanlateral movementlinuxlogin attacklogin attemptlogin attemptslogin brute forceloginattackmalicious activitymalicious communication blockingmalicious ip activitymalicious ip blockedmalicious softwaremalicious trafficmalwaremalware beaconingmalware distributionmalware propagationmalware scanningmanualmisp threatmssqlmulti-cloud managementnetherlandsnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion detectionnetwork port scanningnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service scanningnetwork traffic analysisnetwork-reconnaissancenetwork_scanningnlnmapnorth americaopen proxyopen threatopencanaryopportunistic attackotx pulsenametioutbound communication blockingpanamapassword attackpassword attackspassword sprayingpayment processingpgp signphishingphishing attackpinyinpla unitpolandport-scanportscanpossible botnet activitypotential threat actorprocess injectionprotocol exploitationproxyrandomransomwareraspberry-pirdp abuserdp exploitationrdp scanningreconnaissancereconnaissance activityredis protocolremote accessremote servicesresearchedresource hijackingsansscannerscanner activityscanner ipscannersscanning activityscripting attackssecurity operationssecurity policyserver exploitationserviceservice discoveryservice enumerationservice scanshodan_io-benignsingaporesmb brute forcesmtp brute forcesmtp scanningsocial engineeringsocradarsourcespamsql injection attemptssql-injectionsshssh attackswedensynsystem discoveryt1005t1016t1018t1021t1021.001t1021.002t1029t1040t1041t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1071t1071.001t1076t1077t1078t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1210t1486t1496t1497t1499.001t1499.002t1499.003t1505.004t1550t1550.003t1563t1565t1566t1566.001t1566.002t1566.003t1573t1583t1587.001t1588t1589t1590t1590.001t1592t1595t1595.001t1595.002t1595.003tamatiya eoodtargeting databasetcp protocoltcp scantcp scanningtcp-scanningtelnet scanningtelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencethreat_discoveryti advisorytimeouttokyotor nodetsectsocudp scanudp-scanningunattributed threat actorunauthorized accessunauthorized access attemptunauthorized loginunit coverunitedunited kingdomunited statesunknown threat actorus noneuservalid accountsverified-benignvoidtrapvulnerability scanvulnerability-scanvultrvultr cloud infrastructurevultr hostingvultr infrastructurevultr tokyowealth managementweb app attackweb application attackweb attackweb brute forceweb exploitationweb scannerweb spamweb trafficweb-attack

Activity Timeline

1 total obs
Jun 5Jun 5

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
53
SIGNAL
Signal Score
53%
Confidence
29
Reports
First seenMar 29, 2023
Last seenJun 5, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, Noord-Holland
ASNAS14061
OrgDigitalOcean, LLC
Coords52.3785, 4.9000
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
inetnum: 64.224.16.0 - 64.225.127.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2021-11-10T13:00:27Z last-modified: 2021-11-10T13:00:27Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://example.com, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4, https://jamesbrine.com.au/nmap-scanning-list-2023-05-30/, https://jamesbrine.com.au, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7066801465901678592-1n86?utm_source=share&utm_medium=member_desktop

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 1 day ago
Appeared in 29 threat reports