IOC Radar
IPMediumSignal 61/100

68.183.117.66

Location
United StatesUnited States
North Bergen, New Jersey
ASN
AS14061
DigitalOcean, LLC
First Seen
Jul 8, 2025
Last Seen
May 30, 2026
Jul 8
First Seen
341d ago
May 30
Last Seen
14d ago
9
Reports
source reports
61%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

29 techniques

Network Information

CountryUSUnited States
RegionNorth Bergen, New Jersey
ASNAS14061
OrganizationDigitalOcean, LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

9 reports61% confidence
9
Source reports
61%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney activityadbhoney honeypotattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute-forcecisco devicecisco exploitation attemptscloud computingcloud migrationcloud securitycloud storagecommand and controlcommunication protocolcowrie activitycowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposuredatabase probingdatabase securitydecoy systemdevice managementdionaea activitydionaea honeypotdistributed attacksenterprise networkingexploitation activityexploited hosthackingheralding activityhoneytrap activityhoneytrap honeypothttp probingidentity & access exploitationindicatorinjection activitykill-chain exploitationkill-chain reconnaissancelamplamp attackslamp stack targetinglow-riskmalicious activitymalicious code detectionmalicious softwaremalwaremalware behaviourmalware capturemulti-cloud managementnetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securitynorth americaopen proxyosintpassword attacksprocess injectionproxyransomwarerdpreconnaissanceredis honeypotresearchedresource hijackingscannersentrypeer botnetsftp activitysftp attacksftp attemptsip brute forcesip scanningsocradar honeypotssh attackssh monitoringt1005t1021t1021.001t1021.002t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencethreat-intelligencetor nodetpotunited statesusvoipvoip attackweb app attack

Activity Timeline

1 total obs
May 30May 30

Threat Activity Heatmap

· Peak: 2026-05-30
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
61
SIGNAL
Signal Score
61%
Confidence
9
Reports
First seenJul 8, 2025
Last seenMay 30, 2026
GeolocationUS
CountryUnited States
LocationNorth Bergen, New Jersey
ASNAS14061
OrgDigitalOcean, LLC
Coords40.7930, -74.0247
Proxy

VirusTotal

Not checked

WHOIS

description
Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level3, firehol:listed, gti:suspicious. 68.183.117.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (minimal, reported).
raw
NetRange: 68.183.0.0 - 68.183.255.255 CIDR: 68.183.0.0/16 NetName: DIGITALOCEAN-68-183-0-0 NetHandle: NET-68-183-0-0-1 Parent: NET68 (NET-68-0-0-0-0) NetType: Direct Allocation OriginAS: AS14061 Organization: DigitalOcean, LLC (DO-13) RegDate: 2018-09-18 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/68.183.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 14 days ago
Appeared in 9 threat reports