IOC Radar
IPMediumSignal 81/100

165.227.17.81

Location
United StatesUnited States
Santa Clara, California
ASN
AS14061
DigitalOcean, LLC
First Seen
Mar 24, 2025
Last Seen
Feb 15, 2026
Mar 24
First Seen
445d ago
Feb 15
Last Seen
117d ago
17
Reports
source reports
81%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

38 techniques

Network Information

CountryUSUnited States
RegionSanta Clara, California
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

17 reports81% confidence
17
Source reports
81%
Confidence score
Category tags
abuseactive scanningadbhoney honeypotattackauthentication attemptsbad web botbankingbinaryedge-benignbotnetbrute forcebrute force attackbrute force attacksc2cisco devicecisco exploitation attemptscommand and controlcommunication protocolcompromised credentialscowrie activitycowrie honeypotcowrie ssh attackscowrie ssh interactioncredential accesscredential harvestingcredential stuffingcredit card servicesdata exfiltrationdatabase securitydecoy systemdenial of servicedevice managementdionaea activitydionaea honeypotdionaea malware collectiondistributed attacksenterprise networkingexploit attemptexploited hostfinancefinance and insurancefinancial servicesfinancial technologyftp brute forcehackinghoneytrap honeypotinitial accessipphoney honeypotlamplamp exploitationlateral movementmailoney activitymailoney honeypotmalicious activitymalicious payloadmalicious payload attemptsmalicious sip activitymalicious softwaremalicious trafficmalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnorth americapassword attackspayment processingphishingphishing attackphishing trappossible exploit probingpossible malware hostingprocess injectionproxyreconnaissanceredis honeypotremote accessremote service exploitationremote servicesresearchedresource hijackingsansscannerscanning activitysentrypeer botnetsftp access attemptssftp attacksftp attemptssip brute forcesip scanningsmtp brute forcesmtp probingsocial engineeringsocradar honeypotssh attackssh monitoringt1021t1021.001t1021.004t1040t1041t1055t1059t1059.004t1071.001t1078t1078.001t1078.002t1078.003t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1588t1595t1595.001t1595.002t1595.003tannertanner exploit detectiontelecommunicationsthreat actorthreat detectionthreat intelligencetpotcettpsunauthorized accessunited statesverified-benignvoipvoip attackwealth managementweb application attackweb exploitationweb scanner

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
81
SIGNAL
Signal Score
81%
Confidence
17
Reports
First seenMar 24, 2025
Last seenFeb 15, 2026
GeolocationUS
CountryUnited States
LocationSanta Clara, California
ASNAS14061
OrgDigitalOcean, LLC
Coords37.3598, -121.9810

VirusTotal

Not checked

WHOIS

description
Unknown source type: h0neytr4p
raw
NetRange: 165.227.0.0 - 165.227.255.255 CIDR: 165.227.0.0/16 NetName: DIGITALOCEAN-165-227-0-0 NetHandle: NET-165-227-0-0-1 Parent: NET165 (NET-165-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2016-10-06 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/165.227.0.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 17 threat reports