IOC Radar
IP · Medium · Signal 65/100

103.209.145.149

Location
India
New Delhi, National Capital Territory of Delhi
ASN
AS134926
Micro Hosting Private Limited
First Seen
Mar 6, 2026
Last Seen
Jun 3, 2026
Reports
11 source reports
Confidence
65% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

14 techniques

Network Information

Country: India (IN)
Region: New Delhi, National Capital Territory of Delhi
ASN: AS134926
Organization: Micro Hosting Private Limited

Feed Intelligence Summary

Category tags
abuse, access control, account compromise, active scan, active scanning, asia, attacker ip, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute-force, bulgaria, cloud, cloud computing, cloud infrastructure, cloud infrastructure attack, cloud migration, cloud security, cloud services, cloud storage, cogent, cowrie, cowrie honeypot, credential access, credential stuffing, ctrls, data store exposure, ddos, ddos attack, decoy system, denial of service, digital ocean, digitaloceanasn, dionaea, dionaea honeypot, europe, exploitation activity, exploited host, fatt, hacking, honeytrap honeypot, hydra, identity & access exploitation, in, inbound scan, india, indicator, internet wide scan, iot security, iot targeted, mailoney honeypot, malicious activity, malicious ip, malware, malware behaviour, malware capture, mirai, multi-cloud management, netherlands, network, network probing, network scanning, network scanning activity, p0f, panama, password attacks, phishing, phishing attack, phishing trap, ping of death, portscan, ransomware, reconnaissance, researched, resource hijacking, scan, scanner, scanners, scanning activity, security policy, sensor-tagged, sentrypeer botnet, service, service scan, ssh, ssh attack, ssh monitoring, t1046, t1078, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1496, t1499.001, t1595, t1595.001, t1595.002, t1595.003, tamatiya eood, tanner, tcp, telnet, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, united, united kingdom, voip attack, vultr, web app attack, web application attack, web exploitation

Activity Timeline

1 total obs
Jun 3

Threat Activity Heatmap

[Heatmap: daily activity by weekday, June through May; scale Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 65 (Medium Risk)
Geolocation: IN
Coords: 20.0063, 77.0060

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 103.209.144.0 - 103.209.147.255
netname: MICROHOST
descr: Micro Hosting Private Limited
descr: MicroHost.com
admin-c: MK1206-AP
tech-c: MK1206-AP
country: IN
mnt-by: MAINT-IN-IRINN
mnt-irt: IRT-MICROHOST-IN
mnt-routes: MAINT-IN-MICROHOST
mnt-routes: MAINT-IN-IRINN
status: ASSIGNED PORTABLE
geoloc: 28.615118 77.377604
last-modified: 2025-08-11T22:51:55Z
source: APNIC

irt: IRT-MICROHOST-IN
address: B149, Sector 63, Noida,NOIDA,Uttar Pradesh-201301
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: MK1206-AP
tech-c: NA554-AP
auth: # Filtered
remarks: [email protected] was validated on 2024-06-30
mnt-by: MAINT-IN-MICROHOST
mnt-by: MAINT-IN-IRINN
last-modified: 2026-02-10T04:57:17Z
source: APNIC

person: Manoj Kumar
address: B149, Sector 63, Noida,NOIDA,Uttar Pradesh-201301
country: IN
phone: +91 8882088880
e-mail: [email protected]
nic-hdl: MK1206-AP
mnt-by: MAINT-IN-MICROHOST
mnt-by: MAINT-IN-IRINN
last-modified: 2025-09-27T09:57:50Z
source: APNIC

route: 103.209.144.0/22
descr: Micro Hosting Private Limited
origin: AS134926
mnt-by: MAINT-IN-MICROHOST
mnt-by: MAINT-IN-IRINN
mnt-routes: MAINT-IN-IRINN
mnt-routes: MAINT-IN-MICROHOST
last-modified: 2025-12-14T22:19:09Z
source: APNIC
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-05-02/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-24/
TSOC_IP.csv
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-17/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-13/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-07/

IOC Journey

medium
First detected 3 months ago · Last seen 2 days ago
Appeared in 11 threat reports