IOC Radar
IPMediumSignal 40/100

159.203.4.84

Location
CanadaCanada
Toronto, Ontario
ASN
AS14061
Digital Ocean
First Seen
Feb 13, 2025
Last Seen
May 7, 2026
Feb 13
First Seen
485d ago
May 7
Last Seen
37d ago
15
Reports
source reports
40%
Confidence
medium
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryCACanada
RegionToronto, Ontario
ASNAS14061
OrganizationDigital Ocean

Feed Intelligence Summary

15 reports40% confidence
15
Source reports
40%
Confidence score
Category tags
abuseaccessaccess controlactive scanactive scanningadbhoney honeypotapacheapache attackerattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptscacanadacommand and controlcommunication protocolcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedionaeadionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemailexploitation activityftp brute forcegithubgroupshackinghoneytrap honeypotidentity & access exploitationindicatorinitial accessinjection activityiot securitylamplamp exploitation attemptslamp stack targetingmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware hostingnetworknetwork intrusion attemptsnetwork scanningnetwork securitynorth americapassword attacksphishingphishing attackphishing trapprocess injectionpythonransomwarereconnaissanceresearchedresource hijackingscannerscanning activityscriptsecurity policysentrypeer botnetsftpsftp attacksipsip enumerationsip vulnerability scanningslugsocial engineeringsocradar honeypotsshssh attackssh monitoringsurface webt1021.002t1040t1041t1046t1053.005t1055t1059t1059.001t1059.004t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencethreat preventionthreat-intelligencetor nodetpotvoipvoip attackvulnerability scanweb app attackweb application attackweb exploitation

Activity Timeline

1 total obs
May 7May 7

Threat Activity Heatmap

· Peak: 2026-05-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
40
SIGNAL
Signal Score
40%
Confidence
15
Reports
First seenFeb 13, 2025
Last seenMay 7, 2026
GeolocationCA
CountryCanada
LocationToronto, Ontario
ASNAS14061
OrgDigital Ocean
Coords43.6520, -79.3633

VirusTotal

Not checked

WHOIS

description
2025-02-15T22:01:03.830Z Honeypot : ElasticPot : Source: 159.203.4.84 : Port: 9200 Event Type: Scan
raw
NetRange: 159.203.0.0 - 159.203.255.255 CIDR: 159.203.0.0/16 NetName: DIGITALOCEAN-159-203-0-0 NetHandle: NET-159-203-0-0-1 Parent: NET159 (NET-159-0-0-0-0) NetType: Direct Allocation OriginAS: AS14061 Organization: DigitalOcean, LLC (DO-13) RegDate: 2015-08-10 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/159.203.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports