IOC Radar
IP · Low · Signal 70/100

159.223.91.15

Location: United States · Singapore, Singapore
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Feb 26, 2025 (480d ago)
Last Seen: Jan 23, 2026 (150d ago)
Reports: 13 source reports
Confidence: 70% (low)
VirusTotal: 0/91 detections
Found in 13 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 38 techniques

Network Information

Country: US (United States)
Region: Singapore, Singapore
ASN: AS14061
Organization: DigitalOcean, LLC

Feed Intelligence Summary

Source reports: 13
Confidence score: 70%
Category tags: abuse, access control, active scanning, agent tesla, akira, asia, asyncrat, attack, botnet, brazil, brute force, brute force attack, cisos, coinminer, command and control, communication protocol, communication technologies, compromised credentials, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, cryptocurrency threats, cryptojacking, data exfiltration, dcrat, ddos attack, decoy system, distributed attacks, europe, europe/asia, exploit probing, exploited host, finance, france, ftp brute force, germany, groupedindicator, indonesia, iot targeted, mailoney email attacks, mailoney honeypot, malicious activity, malicious python scripts, malicious software, malware, malware hosting, mexico, mobile carriers, mobile networks, mozi, mozi link, network, network intrusion attempts, network scanning, network security, north america, panama, paraguay, password attacks, phishing, phishing attack, phishing trap, process injection, qilin, ransomware, reconnaissance, researched, resource hijacking, russia, scanner, security policy, sentrypeer attacks, sentrypeer botnet, service, sftp access attempts, sftp attacks, sg, singapore, sip attacks, sip brute force, sliver, social engineering, south america, spam, ssh attack, ssh monitoring, steam, t1021, t1040, t1041, t1053, t1055, t1059, t1068, t1071, t1071.001, t1078, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1123, t1190, t1204, t1486, t1496, t1499.001, t1499.002, t1499.003, t1552, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, telecom, telecom services, telecommunication, telecommunications, threat actor, threat prevention, ukraine, united kingdom, united states, urlhaus, voip, voip attack

Activity Timeline

1 total obs · Jan 23

Threat Activity Heatmap

Peak: 2026-01-23
Observations by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: 70 (High Risk)
Geolocation coordinates: 37.7510, -97.8220

VirusTotal

0/91 vendors flagged
0% detection rate · Jun 9, 2026

WHOIS

description
2025-03-06T07:37:30.504Z Honeypot : Tanner : Source: 159.223.91.15 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'sess_uuid': '96ef8cc1-fd80-430c-aab8-d86581e18024', 'detection': {'version': '0.6.0', 'order': 0, 'name': 'unknown', 'type': 1}}}}
references
https://urlhaus.abuse.ch/, https://any.run/malware-trends/, https://github.com/telekom-security/tpotce


IOC Journey

low
First detected 1 year ago · Last seen 5 months ago
Appeared in 13 threat reports