IOC Radar
IP · Medium · Signal 60/100

64.23.218.208

Location: United States, Santa Clara, California
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Jun 26, 2024 (715d ago)
Last Seen: Jun 8, 2026 (3d ago)
Reports: 30 source reports
Confidence: 60% (medium)
Found in 30 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
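The page's own caveat is that its confidence score is heuristic and should be verified before anyone acts on it. The verification a practitioner actually performs is to look for the indicator in their own telemetry. The block below is an added example, not part of IOC Radar or any of its feeds: it extracts the source address from constructed sshd and nginx log lines, compares it to the indicator as a parsed address rather than as a substring (so 164.23.218.208 is not mistaken for 64.23.218.208), and returns structured sightings. The sample log lines, host names and the two regular expressions are assumptions of this example.

```python
import re
from ipaddress import ip_address

INDICATOR = "64.23.218.208"  # the IOC on this page

# Constructed sample telemetry, not taken from the page: two sshd auth lines and two
# nginx access lines. Lines 2 and 3 carry 164.23.218.208, a different address that
# contains the indicator as a substring, to show why a naive `ioc in line` test is wrong.
SAMPLE_LOGS = """\
Jun 11 03:14:07 bastion sshd[2211]: Failed password for invalid user admin from 64.23.218.208 port 51822 ssh2
Jun 11 03:14:09 bastion sshd[2211]: Failed password for invalid user admin from 164.23.218.208 port 51823 ssh2
164.23.218.208 - - [11/Jun/2026:03:15:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
64.23.218.208 - - [11/Jun/2026:03:15:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2417 "-" "python-requests/2.31"
"""

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
# Assumed formats: default OpenSSH syslog lines and the nginx "combined" access log.
SSHD_RE = re.compile(
    rf"^(?P<ts>\w{{3}}\s+\d{{1,2}} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.+?) from (?P<ip>{IPV4}) port (?P<port>\d+)"
)
NGINX_RE = re.compile(rf'^(?P<ip>{IPV4}) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{{3}})')


def parse_line(line):
    """Return (source, timestamp, ip, detail) for a recognised line, else None."""
    m = SSHD_RE.match(line)
    if m:
        return ("sshd", m["ts"], m["ip"], f'{m["msg"]} port {m["port"]}')
    m = NGINX_RE.match(line)
    if m:
        return ("nginx", m["ts"], m["ip"], f'{m["req"]} -> {m["status"]}')
    return None


def find_sightings(log_text, indicators):
    """Exact-match the parsed source address against the indicator set.

    Addresses are compared as ip_address objects, so a longer address that merely
    contains the indicator's digits cannot produce a false sighting, and malformed
    octets (e.g. 999.1.1.1) are skipped instead of matched."""
    wanted = {ip_address(i) for i in indicators}
    sightings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        source, ts, ip, detail = parsed
        try:
            addr = ip_address(ip)
        except ValueError:
            continue
        if addr in wanted:
            sightings.append({"source": source, "ts": ts, "ip": str(addr), "detail": detail})
    return sightings


def naive_substring_hits(log_text, indicator):
    """The wrong way, kept for comparison: counts every line containing the digits anywhere."""
    return sum(1 for line in log_text.splitlines() if indicator in line)


if __name__ == "__main__":
    hits = find_sightings(SAMPLE_LOGS, [INDICATOR])
    for h in hits:
        print(h)
    print("naive substring hits:", naive_substring_hits(SAMPLE_LOGS, INDICATOR))
    print("exact sightings:", len(hits))
```

On the constructed sample the substring test reports four hits while the address-aware match reports the two real ones. A local sighting is what turns a medium-confidence feed entry into something worth escalating; no sighting in your own logs is a reason to keep monitoring rather than to block on the strength of the score alone.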
Indicator type: IPv4 Address (network-layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 115 techniques (the technique IDs appear as t-number entries in the category tags below)

Network Information
Country: US (United States)
Region: Santa Clara, California
ASN: AS14061
Organization: DigitalOcean, LLC

IP Category: Proxy (proxy server)

Feed Intelligence Summary
Source reports: 30
Confidence score: 60%
Category tags:
50 ip addresses50+ unique ips50_iocabuseabuse scoreabuseipdbaccess attemptaccess controlaccount accessaccount compromiseactive scanactive scanningadbhoney honeypotadversarial actionsafricaalibabaalibaba cloudalibaba ip addressesalibaba ispandorraanomalous activityanomalous behavioranomalous network activityanomalous network trafficanomalyanomaly detectionapacheapache attackerapplication layer attackapplication layer probingapplication layer protocolaptapt activityapt indicationsapt indicatorsapt suspectedargentinaasiaasyncratattackattack campaignattack infrastructureattack originattack origin: russiaattack origin: spainattack sourceattack vectorattack-vectorattacker infrastructureattacker-ipattribution researchau based ipau ip addressau ip addressesau originau originating ipau relatedaustraliaaustralia ipaustralia ip addressesaustralia ipsaustralia originaustralia originating ipaustralia originating ipsaustralia-based ipaustralia-based ipsaustralian ipaustralian ip addressesaustralian ipsauthentication abuseauthentication attackauthentication attacksauthentication attemptsauto blockedauto-blockedauto-blocked ipauto-blocked ipsauto-generatedauto-generated securityauto-updatedauto_blockedauto_blocked_ipautogeneratedautomated activityautomated analysisautomated attackautomated attack attemptsautomated attacksautomated blockingautomated multi-vector probingautomated scanautomated scanningautomated threatautomated threat blockingautomated threat detectionautomated threat responseautomated threatsautomated-attackautomated-blockingbad actorbad actor scorebad reputationbad web botbangladeshbangladesh originbangladesh-based ipsbd ipbd ip addressesbd ipsbd relatedbde 80bde 80+bde highbde high scorebde scorebde score 80bde score 80+bde score analysisbde score highbde score: 80bde score: highbde score:80behavioral analysisbehavioral anomalybehavioral detectionbelgiumblacklisted ipblacklisted ipsblocked ipblocked-ipsblocklist_allblog spambotnetbotnet activitybrand 
weaponizationbrazilbritish ipbritish ip addressesbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force-attackbrute_forcebrute_force_attackbrute_force_attemptsbruteforcebulgariac&c activityc&c communicationc2c2 activityc2 channelc2 communicationc2 communicationsc2 detectionc2 frameworkc2 indicatorsc2 nodec2 serverca based ipca ipca ip addressca ip addressesca ipsca originca originating ipca relatedcambodiacanadacanada ipcanada ip addresscanada ip addressescanada ipscanada origincanada originating ipcanada originating ipscanada-based ipcanada-based ipscanadian ipcanadian ip addressescanadian ipschinachina-based activitychinese ipsciscocisco devicecisco exploitation attemptsclient executioncloud infrastructurecloud infrastructure attackcloud servicescode executioncode-injectioncommand & controlcommand and controlcommand executioncommand injectioncommand-and-controlcommand_and_controlcommandandcontrolcommunication channelcommunication protocolcompromise assessmentcompromise attemptcompromise indicatorcompromise indicatorscompromised accountscompromised credentialscompromised devicecompromised hostcompromised host communicationcompromised host indicatorscompromised hostscompromised hosts communicationcompromised infrastructurecompromised ipcompromised ip addressescompromised systemcompromised systemsconnection attemptsconpot honeypotcowriecowrie activitycowrie honeypotcowrie interactioncredential accesscredential access attemptscredential brute-forcingcredential dumpingcredential harvestingcredential stuffingcredential-accesscredential-stuffingcredential_accesscross-country activitycryptocurrencycryptocurrency threatscryptojackingctacyber threatscybercriminal activitydanish ipdanish ip addressesdata analyticsdata collectiondata encodingdata encryptiondata exfiltrationdata exfiltration attemptdata exfiltration attemptsdata exfiltration potentialdata obfuscationdata stagingdata store exposuredata 
theftdata transferdatabase attackdatabase attacksdatabase securityddosddos activityddos attackddos attack sourceddos attacksddos attemptddos potentialde based ipde ipde ip addressde ip addressesde ip originde ipsde originde originating ipde relateddecoy systemdenial of servicedenial-of-service attemptsdenmarkdenmark based activitydenmark ipdenmark ip addressdenmark ip addressesdenmark ipsdenmark origindenmark originating ipsdetection alertdetectiontimestampdevice managementdigital oceandionaeadionaea honeypotdiscovery techniquesdistributed attackdistributed attack origindistributed attacksdistributed scanningdiverse originsdk ipdk ip addressdk ipsdnsdns attackdominican republicdosdugganusa threat inteldugganusa threat intelligencedutch ip addresseselasticpot honeypotelasticsearch monitoringelectronic health recordselevated bde scoreelevated risk potentialemerging threatemerging threat actorsemerging threatsemerging ttpsencrypted channelencryptionendpoint dosendpoint exploitationenterprise networkingenumerationenumeration activityes based ipes ipes ip addresseses ipses origines relatedeu cyber policieseuropeeurope/asiaeuropean ipsevasion techniquesevolving threatexfiltrationexploitexploit activityexploit attemptexploit attemptsexploit kit activityexploit public applicationexploit public-facing applicationexploit targetingexploitationexploitation activityexploitation attemptsexploitation of vulnerabilityexploited hostexternal attackexternal communicationexternal ipsexternal networkexternal remote servicesexternal threatexternal threat actorexternal_communicationextortionfattfi ipsfinancefinancial servicesfinlandfinland originfinnish ipsfr ipsfranceftpftp attacksftp brute forcegeo-distributedgeo-distributed activitygeo-distributed attackgeo-distributed attacksgeo-distributed ipsgeo-distributed threatgeo-diverse activitygeo-diverse attackgeo-diverse ipsgeo-diverse originsgeo-diverse threatgeo-located ipsgeo-located threatsgeo-locationgeographic anomaliesgeographic 
anomalygeographic distributiongeographic diversitygeographic locationgeographic origingeographic sourcegeographic source analysisgeographic spreadgeographical distributiongeographical diversitygeographical spreadgeographically distributedgeographically distributed activitygeographically distributed attackgeographically distributed attackersgeographically distributed attacksgeographically distributed threatsgeographically diversegeographically diverse activitygeographically diverse attackgeographically diverse attacksgeographically diverse ipsgeographically diverse originsgeographically diverse threatsgeoipgeolocated ipgeolocated ipsgeolocated threatgermanygermany-based ipgermany-based ipsgermany-based threatgithubglobal activityglobal attack surfaceglobal distributionglobal ipsglobal originsglobal reachglobal threatglobal threat activityglobal threat landscapegreat britaingreat britain ipgreat britain ipsgreat britain origingreat britain-based iphackinghealth care and social assistancehealth information technologyhealthcare information systemshigh abuse scorehigh bdehigh bde scorehigh confidencehigh confidence indicatorhigh confidence iochigh confidence threathigh riskhigh risk indicatorshigh risk iphigh risk ipshigh severityhigh severity alerthigh severity threathigh suspicion scorehigh threat levelhigh threat potentialhigh threat scorehigh-risk ip activityhigh_bde_scorehk iphk ip addresshk ipshoneynet connecthoneytrap datahoneytrap honeypothong konghong kong iphong kong originhospital managementhostile activityhttp brute forcehttp floodhttp probinghttp scannerhttp scanninghttpshttps scanninghttps-serviceicelandics securityidentity & access exploitationie ipie ip addressesie ipsie originiis-attackil based ipil ipil ip addressil ip addressesil ipsil originil originating ipil relatedimapinbound communicationindependent malicious ipsindiaindicator-of-compromiseindicators of compromiseindonesiaindustrial control systemsinformation technologyinfostealerinfrastructure 
scanninginitial accessinitial access attemptinitial access attemptsinitial-accessinitial-access-attemptinitial_accessinjection activityinjection attacksinternational activityinternational attackinternational ipsinternational origininternational originsinternational threatinternational trafficintrusion detectioniociocsiocs - ipsiocs presentiocs: 50 ipsiocs: ip addressesiocs: ipsiot securityiot/ics attackip-addressip-blocklistiraqirelandireland ipireland ip addressesireland ipsireland originirish ipsisp-reputationisraelisrael based activityisrael ipisrael ip addressisrael ip addressesisrael ipsisrael originisrael originating ipisrael originating ipsisrael-based ipisrael-based ipsisraeli ipisraeli ip addressesisraeli ipsit infrastructureit ipit ipsitalian ipsitalyitaly ipitaly ip addressesitaly ipsjapanjapan based activityjapan ipjapan ip addressjapan ip addressesjapan ipsjapan originjapan originating ipsjapan-based ipjapan-based threatjapanese based ipjapanese ipjapanese ip addressesjapanese ipsjarmjarm fingerprintjarm fingerprintingjordanjp based ipjp ipjp ip addressjp ip addressesjp ipsjp originjp originating ipknown bad infrastructureknown bad ipsknown bad ispsknown malicious infrastructureknown threat actorknown threat actorskoreakorea, republic ofkyrgyzstanlamplamp stack attacklamp stack targetinglateral movementlateral movement attemptslateral movement detectionlateral movement indicatorslateral movement potentiallateral movement techniqueslatvialeakix-benignliechtensteinlinux-server-attacklithuanialog analysislogin attacklogin attemptlogin attemptsluxembourgmail protocol abusemailoney activitymailoney honeypotmalaysiamalicious activitymalicious activity detectedmalicious activity detectionmalicious communicationmalicious domainmalicious hostmalicious infrastructuremalicious intent investigationmalicious ip activitymalicious ip addressesmalicious ip communicationmalicious ipsmalicious network activitymalicious network communicationmalicious network 
trafficmalicious payloadmalicious powershell activitymalicious softwaremalicious ssh activitymalicious sslmalicious trafficmalicious-ipmalicious-ip-addressmalicious-login-attemptsmalwaremalware activitymalware analysismalware beaconingmalware behaviourmalware c2 activitymalware campaignmalware capturemalware communicationmalware delivery attemptmalware distributionmalware indicatormalware indicatorsmalware infectionmalware propagationmalware trafficmalware-related botnet activitymass scanningmedical servicesmexicomitre-attackmixed-ip-domainmoroccomulti-country activitymulti-country attackmulti-country originmulti-country origin ipsmulti-country_originmulti-nationalmulti-national activitymulti-national originmulti-national originsmulti-national sourcemulti-national threatmulti-national threat actorsmulti-origin attackmulti-origin threatmulti-regionmulti-regional threatmulti-source attackmulti-source reconnaissance activitymultiple countriesmultiple countries affectedmultiple countries originmultiple countries targetedmultiple geographic locationsmultiple geographic originsmultiple geolocationmultiple geolocation originsmultiple geolocation sourcesmultiple ipsmultiple ispsmultiple origin countriesmultiple origin ipsmultiple originsmultiple regionsnation-state activitynetherlandsnetherlands based activitynetherlands ipnetherlands ip addressnetherlands ip addressesnetherlands ipsnetherlands originnetherlands originating ipsnetherlands-based ipnetworknetwork activitynetwork analysisnetwork anomaliesnetwork anomalynetwork attacksnetwork beaconingnetwork behaviornetwork behavior analysisnetwork communicationnetwork communication anomalynetwork discoverynetwork enumerationnetwork exploitationnetwork infrastructurenetwork infrastructure targetingnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectednetwork intrusion detectionnetwork intrusionsnetwork intrustionnetwork mappingnetwork monitoring requirednetwork probenetwork 
probingnetwork protocolnetwork protocolsnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork service discoverynetwork service scanningnetwork sniffingnetwork threatnetwork threat activitynetwork trafficnetwork traffic analysisnetwork traffic monitoringnetwork-attacknetwork-reconnaissancenetwork_intrusionnetwork_reconnaissancenetwork_scanningnetwork_trafficnl ip addressnl ip addressesnl originating ipno c2 detectedno c2 frameworknorth americanorwaynorway ip addressoceaniaopen proxyopenctiopportunistic threatorganized crime activityorganized cybercrimeoriginating countries: usos credential dumpingotx pulseoutbound connectionsoutbound trafficp0fpassword attackpassword attackspassword crackingpassword sprayingpatient carepattern-32pattern-38periodic communicationpersistence_techniquesphishingphishing attackphishing campaignphishing trapping of deathpolandport-scanport-scanningportscanportscanningpossible aptpossible apt activitypossible attack originpossible backdoorpossible beaconingpossible botnetpossible botnet activitypossible botnet infectionpossible brute forcepossible c2possible c2 activitypossible c2 callbackpossible compromisepossible coordinated attackpossible coordinationpossible credential accesspossible ddospossible emerging threatpossible exploitpossible exploit attemptspossible initial accesspossible intrusionpossible intrusion attemptpossible intrusion attemptspossible lateral movementpossible malicious actorspossible malwarepossible malware activitypossible malware distributionpossible malware hostingpossible malware infectionpossible malware propagationpossible mirai variantpossible reconnaissancepossible reconnaissance activitypossible russian originpossible scanning activitypossible state-sponsored activitypossible threat actorpossible threat coordinationpossible unauthorized accesspossible vulnerability exploitationpost-exploitationpotential aptpotential apt 
activitypotential backdoorpotential backdoor activitypotential botnetpotential botnet activitypotential brute forcepotential c2potential c2 activitypotential c2 communicationpotential c2 infrastructurepotential compromisepotential coordinated activitypotential coordinated attackpotential coordinated attackspotential data exfiltrationpotential emerging threatpotential evasionpotential exploitpotential exploit activitypotential exploit attemptpotential exploit attemptspotential exploitationpotential hostile entitiespotential initial accesspotential intrusionpotential intrusion activitypotential intrusionspotential lateral movementpotential malicious activitypotential malwarepotential malware activitypotential malware beaconpotential malware beaconingpotential malware distributionpotential malware infectionpotential network reconnaissancepotential phishing reconnaissancepotential reconnaissancepotential reconnaissance activitypotential scanning activitypotential state-sponsored activitypotential targetingpotential threatpotential threat activitypotential threat actorpotential threat actorspotential vulnerability exploitationpotential vulnerability scanningpotential_compromisepotentially compromised hostpowershell activityprocess injectionprotocol exploitationprotocol-abuseproxyransomwareratrdp-protocolrecon activityreconnaissancereconnaissance activitiesreconnaissance activityreconnaissance techniquesregional securityregistry run keysremote accessremote access attemptsremote access toolremote access toolsremote access trojanremote executionremote service exploitationremote servicesremote services exploitationremote system discoveryremote_accessrepublic ofresearchresearchedresidential proxyresource developmentresource hijackingro ip addressrogue ip addressesromaniaromania ipromania ip addressromania ip addressesromania originromania originating ipsromanian ipromanian ip addressesrtbhru ip addressru ip addressesru ip originru originru originating ipru 
relatedrussiarussia based activityrussia based iprussia iprussia ip addressrussia ip addressesrussia ipsrussia originrussia origin ipsrussia originating iprussia originating ipsrussia relatedrussia-based activityrussia-based iprussia-based ipsrussia-based threatrussia-based threat actorsrussia-linkedrussia-linked activityrussia-linked actorsrussia-linked threat actorsrussia-origin iprussian activityrussian actorsrussian aptrussian based iprussian federationrussian iprussian ip addressrussian ip addressesrussian ipsrussian ispsrussian originrussian origin ipsrussian originating activityrussian originating iprussian threat actorrussian threat actorssaudi arabiascams & fraudscannerscannersscanning activityscheduled task/jobscript injectionscripting attackssecurity eventsecurity incidentsecurity monitoringsecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionserbiaservice scansftpsftp access attemptsftp activitysftp attacksftp-attacksingaporesingapore ipsingapore ip addresssingapore ip addressessingapore-based ipsipsip brute forcesip scanningsloveniasmtpsmtp brute forcesocial engineeringsoftware developmentsoftware exploitationsomaliasouth africasouth americasouth koreasouth korea ipspainspain-based ipsspamspam campaignspammingspanish ipspanish ip addressesspanish ipssql injectionsql-injectionsshssh attackssh attacksssh monitoringssh-brutessh-brute-forcessh-protocolsslssl c2ssl certificatessl certificate analysisssl certificate enrichmentssl enrichmentssl-certificate-analysisssl-enrichmentssl-tls-analysisssl/tlsssl/tls enrichmentssl_certificate_analysisssl_certificate_iocssl_enrichmentstartup folderstate-sponsoredstate-sponsored activitystealcstix 2.1stix feedstix-2.1supply chain attacksupply-chainsuspected apt activitysuspected botnet activitysuspected compromisesuspected intrusionsuspected malicious activitysuspected malicious originsuspected malwaresuspected malware distributionsuspected reconnaissancesuspected threat actorswedensyn 
floodsyrian arab republicsystem discoverysystem disruptionsystem information discoveryt1001t1003t1003.001t1005t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.004t1027t1036.006t1040t1041t1043t1046t1047t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1060t1068t1071t1071.001t1071.001 web protocolst1071.002t1071.003t1071.004t1071.004 vpnt1075t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1086t1087t1090t1095t1102t1105t1110t1110.001t1110.002t1110.003t1110.004t1124t1133t1140t1189t1190t1195.002t1203t1204t1204.002t1205t1210t1211t1219t1486t1490t1496t1499t1499.001t1499.002t1499.003t1547.001t1550t1550.002t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1570t1571t1572t1573t1573.001t1573.002t1583t1583.006t1585t1586t1588t1588.002t1589t1590t1590.005t1592t1595t1595.001t1595.002t1595.003t1595: active scanningt1598t1598.003ta0001: initial accesstannertargeting databasetcp protocoltcp scantcp scanningteam cymrutelecommunicationstelnet threattelnet-brute-forcetencenttencent ip addressestencent ispthreat activitythreat actorthreat actor activitythreat actorsthreat alertthreat detectionthreat feedthreat hosting ispthreat intelligencethreat intelligence feedthreat monitoringthreat origin: usthreat preventionthreat-intelthreat-intelligencethreat-intelligence-feedthreat_intelthreat_intel_feedtor nodetpottraffic analysistraffic analysis neededtraffic analysis requiredtraffic anomaliestraffic anomalytraffic anomaly detectiontraffic monitoringttpsturkeyudp port scanudp scanuk based activityuk ip addressukraineukraine ipukrainian threat actorunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptsunauthorized network accessunauthorized network activityunauthorized-access-attemptunidentified adversaryunidentified threat actorunited arab emiratesunited kingdomunited statesunited states ipsunited states of americaunited states originunited states-based ipunknown 
threat actorunusual traffic patternsusus based activityus based ipus ip addressus ip addressesus ip originus originus origin ipsus originating activityus originating ipus originating ipsus relatedus threat actorus-based ipsus-based threatusa originuzbekistanvalid accountsvenezuela, bolivarian republic ofverified-benignvoidtrapvoipvoip attackvulnerability scanvulnerability-exploitationvulnerability-scanvultrwebweb app attackweb application attackweb attackweb attacksweb exploitationweb protocolweb protocol abuseweb protocolsweb shellweb spamweb trafficweb-application-attackweb-attack

Activity Timeline
1 total observation (Jun 8). This counts direct observations on the timeline and is distinct from the 30 source reports counted above.

Threat Activity Heatmap
Weekly activity grid (weekday rows Mon/Wed/Fri, intensity scale Less to More) covering twelve months ending in the current month, Jun 2026; the grid itself is an image and only its axes survive here.
Activity by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 30
First seen: Jun 26, 2024
Last seen: Jun 8, 2026
Geolocation: US, Santa Clara, California
ASN: AS14061 (DigitalOcean, LLC)
Coords: 37.7510, -97.8220. These are the generic country-level coordinates that GeoIP databases return for the United States when no finer resolution is available, so treat the Santa Clara, California city value as low precision; the ASN and allocation data are the reliable part of this record.
Category: Proxy

VirusTotal: Not checked

WHOIS
Description: AbuseIPDB 100% | US | DigitalOcean, LLC
Raw:
NetRange: 64.23.128.0 - 64.23.255.255
CIDR: 64.23.128.0/17
NetName: DIGITALOCEAN-64-23-128-0
NetHandle: NET-64-23-128-0-1
Parent: NET64 (NET-64-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-01-06
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/64.23.128.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 105 Edgeview Drive, Suite 425
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 2012-05-14
Updated: 2025-04-11
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-646-827-4366
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-646-827-4366
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
References:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7239653150750621696-Y9xF?utm_source=share&utm_medium=member_desktop
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
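Working this record, a practitioner wants three things from the WHOIS data above: confirmation that the indicator really sits inside the allocation the record describes, a sense of how wide that allocation is before anyone considers a network-level block, and the abuse contact for reporting. The block below is an added example, not part of this page or of ARIN's tooling. It embeds the allocation and abuse-contact fields from the WHOIS text above (the contact e-mail left redacted exactly as the page displays it) and parses them with the standard library; the function names are the example's own.

```python
from ipaddress import ip_address, ip_network

INDICATOR = "64.23.218.208"  # the IOC on this page

# Allocation and abuse-contact fields from the ARIN WHOIS record shown above, embedded
# so the example runs offline. The e-mail is kept as the page displays it (redacted).
WHOIS_RAW = """\
NetRange: 64.23.128.0 - 64.23.255.255
CIDR: 64.23.128.0/17
NetName: DIGITALOCEAN-64-23-128-0
NetHandle: NET-64-23-128-0-1
Parent: NET64 (NET-64-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-01-06
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/64.23.128.0
OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName: DigitalOcean Abuse
OrgAbusePhone: +1-646-827-4366
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN
"""


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; keys that repeat (Comment) collect into a list.
    Only the first colon separates key from value, so URLs in values stay intact."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def allocation(fields):
    """The CIDR block, cross-checked against NetRange so a mangled record is caught."""
    net = ip_network(fields["CIDR"], strict=True)
    start, _, end = fields["NetRange"].partition("-")
    if (ip_address(start.strip()), ip_address(end.strip())) != (net[0], net[-1]):
        raise ValueError("CIDR and NetRange disagree")
    return net


def in_allocation(ip, fields):
    """True when the indicator falls inside the allocation the record describes."""
    return ip_address(ip) in allocation(fields)


def block_scope(fields):
    """What a network-level block on this allocation would actually cover: the address
    count, and whether it is a direct allocation to the org (shared cloud space, many
    unrelated tenants) rather than a single customer's reassignment."""
    net = allocation(fields)
    return {
        "cidr": str(net),
        "addresses": net.num_addresses,
        "direct_allocation": fields.get("NetType") == "Direct Allocation",
    }


def abuse_contact(fields):
    """Abuse handle, name, (redacted) e-mail and the report URL from the Comment lines."""
    comments = fields.get("Comment", [])
    comments = comments if isinstance(comments, list) else [comments]
    report_url = next((c.split()[-1] for c in comments if "abuse" in c.lower()), None)
    return {
        "handle": fields.get("OrgAbuseHandle"),
        "name": fields.get("OrgAbuseName"),
        "email": fields.get("OrgAbuseEmail"),
        "report_url": report_url,
    }


if __name__ == "__main__":
    w = parse_whois(WHOIS_RAW)
    print("indicator in allocation:", in_allocation(INDICATOR, w))
    print("block scope:", block_scope(w))
    print("abuse contact:", abuse_contact(w))
```

The scope check is the caveat that matters: the record is a /17 directly allocated to DigitalOcean, 32,768 addresses of shared cloud space, so a block on anything wider than the single host punishes unrelated tenants. Report to the abuse contact, block the one address if your own telemetry confirms activity, and leave the allocation alone.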

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
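The page offers a STIX 2.1 bundle export. The block below is an added example of what such a bundle looks like when built from this page's fields; it is not the site's own exporter. It produces an Indicator carrying a STIX pattern for the address, plus the ipv4-addr and autonomous-system observables with the deterministic UUIDv5 identifiers the STIX 2.1 specification prescribes for cyber-observable objects, and it checks the pattern before emitting it. The `PAGE` dictionary, the `ioc-radar:` seed used for the indicator id and the `malicious-activity` indicator type are assumptions of this example; first and last seen come from the page and are given a midnight UTC time because the page shows dates only.

```python
import json
import re
import uuid
from datetime import datetime, timezone
from ipaddress import ip_address

# STIX 2.1 fixed namespace for deterministic SCO identifiers: UUIDv5 over the
# canonical JSON of the object's ID-contributing properties.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Fields taken from this page. Times of day are an assumption (the page shows dates only).
PAGE = {
    "ip": "64.23.218.208",
    "asn": 14061,
    "as_name": "DigitalOcean, LLC",
    "first_seen": "2024-06-26T00:00:00Z",
    "last_seen": "2026-06-08T00:00:00Z",
    "confidence": 60,
    "misp_category": "Network Activity",
    "reports": 30,
}

PATTERN_RE = re.compile(r"^\[ipv4-addr:value = '([^']+)'\]$")


def sco_id(sco_type, contributing):
    """Deterministic SCO id: the same address always yields the same ipv4-addr--<uuid>,
    so repeated exports and other producers' bundles de-duplicate on ingest."""
    canonical = json.dumps(contributing, sort_keys=True, separators=(",", ":"))
    return f"{sco_type}--{uuid.uuid5(SCO_NAMESPACE, canonical)}"


def valid_pattern(pattern):
    """Accept only a single ipv4-addr:value comparison whose literal parses as IPv4."""
    m = PATTERN_RE.match(pattern)
    if not m:
        return False
    try:
        return ip_address(m.group(1)).version == 4
    except ValueError:
        return False


def build_bundle(page, now=None):
    """Assemble a STIX 2.1 bundle: one Indicator and the two observables it refers to."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    if not 0 <= page["confidence"] <= 100:
        raise ValueError("STIX confidence must be 0..100")
    as_obj = {
        "type": "autonomous-system", "spec_version": "2.1",
        "id": sco_id("autonomous-system", {"number": page["asn"]}),
        "number": page["asn"], "name": page["as_name"],
    }
    ip_obj = {
        "type": "ipv4-addr", "spec_version": "2.1",
        "id": sco_id("ipv4-addr", {"value": page["ip"]}),
        "value": page["ip"], "belongs_to_refs": [as_obj["id"]],
    }
    pattern = f"[ipv4-addr:value = '{page['ip']}']"
    if not valid_pattern(pattern):
        raise ValueError("refusing to emit a malformed pattern")
    indicator = {
        "type": "indicator", "spec_version": "2.1",
        # SDO ids may be random UUIDv4; a UUIDv5 over an assumed 'ioc-radar:' seed keeps re-exports stable.
        "id": f"indicator--{uuid.uuid5(SCO_NAMESPACE, 'ioc-radar:' + page['ip'])}",
        "created": now, "modified": now,
        "name": f"IOC Radar: {page['ip']}",
        "description": (f"Seen in {page['reports']} source reports; MISP category "
                        f"{page['misp_category']}; last seen {page['last_seen']}."),
        "indicator_types": ["malicious-activity"],
        "pattern": pattern, "pattern_type": "stix", "pattern_version": "2.1",
        "valid_from": page["first_seen"],
        # valid_until is deliberately not derived from last_seen: the page still sees the address.
        "confidence": page["confidence"],
        "labels": [page["misp_category"].lower().replace(" ", "-")],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator, ip_obj, as_obj]}


if __name__ == "__main__":
    print(json.dumps(build_bundle(PAGE), indent=2))
```

Two design points carry over to any real exporter: observables get content-derived ids so the same address from two sources collapses to one object, and the indicator's `valid_until` is left unset rather than copied from last seen, because a last-seen three days ago is evidence the indicator is still live, not that it has expired.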

IOC Journey
Confidence: medium
First detected Jun 26, 2024 (715 days ago) · Last seen Jun 8, 2026 (3 days ago)
Appeared in 30 threat reports