Check an IP Address, Domain Name, Subnet, or ASN

159.203.9.61 was found in our database!

$ whois 159.203.9.61

country·🇨🇦 Canada

city·Toronto

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 159.203.9.61scoring →

confidence

62%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·27

events·43

$ sikker protocols 159.203.9.61

HTTPS

5 / 10

FTP

2 / 9

RTSP

5 / 7

HTTP

4 / 6

SSH

4 / 4

SIP

2 / 2

IMAP

2 / 2

TELNET

2 / 2

SMB

1 / 1

$ sikker summary 159.203.9.61

159.203.9.61 has a threat confidence score of 62%. This IP address from Canada (AS14061, DigitalOcean, LLC) has been observed in 27 honeypot sessions targeting HTTPS, FTP, RTSP, HTTP, SSH and 4 other protocols. First observed on January 23, 2026, most recently active April 19, 2026.

$ sikker behaviors 159.203.9.61catalog →

mediumRtsp Credentialed Options Probe1x

RTSP OPTIONS request containing embedded credentials in the URI (for example admin:password@host). Unlike standard discovery probes, this indicates an automated attempt to enumerate camera or media endpoints while testing known or default credentials. This pattern is commonly associated with IoT botnets and opportunistic scanners targeting exposed RTSP services rather than passive measurement traffic.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 159.203.9.61

rtsp_options4 rtsp_options_with_admin_credentials4 rtsp_describe3 http_method_get1 https_path_root1 rtsp_url_streaming_channels_1011

$ sikker related 159.203.9.61

🇨🇦·More threats fromCanada→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→RTSP·More threats targetingRTSP→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→SIP·More threats targetingSIP→IMAP·More threats targetingIMAP→TELN·More threats targetingTELNET→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
159.89.140.55	67%	88
68.183.110.158	66%	55
138.197.16.14	92%	1,475
147.182.209.206	64%	141
198.211.105.210	84%	68

IP Address	Confidence	Events
15.156.110.125	64%	2,820
149.56.155.187	97%	7,274
159.203.45.180	23%	1
142.93.145.126	94%	1,847
142.93.156.181	58%	14