IPMediumSignal 84/100
109.94.170.62
Location
GermanyFrankfurt Am Main, NW
ASN
AS3214
Greencloud LLC
First Seen
Mar 9, 2026
Last Seen
Jun 11, 2026
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryGermany
GermanyRegionFrankfurt Am Main, NW
ASNAS3214
OrganizationGreencloud LLC
Feed Intelligence Summary
16 reports84% confidence
16
Source reports
84%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningaptattackaustraliaautomated attackbad reputationbad web botblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute-forcebrute_forcecivil servicescloud infrastructurecloud infrastructure attackcloud servicescommand and controlcommand executioncommunication protocolcompromised hostcowriecowrie honeypotcredential accesscredential attackcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosdedecoy systemdenial of servicedhcpdictionary attackdigital oceandigitalocean infrastructuredionaeadionaea honeypotdistributed attackselasticsearchencryptioneuropeexploitexploit attemptexploitation activityexploitation attemptexploited hostfattfranceftpgermanygovernment technologyhackinghoneytrap honeypothttp scannerhttpsidentity & access exploitationimapindicatorinformation gatheringinformation technologyinitial_accessinjection activityinjection attacksinternet-facing serviceintrusion detectioniocsiot securityipv4it infrastructurelamplateral movementldaplinux_server_attacksmailoney honeypotmalicious activitymalwaremalware behaviourmalware capturemalware_activitymssqlnetworknetwork attacksnetwork enumerationnetwork intrusion attemptsnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork_intrusionntpoceaniaoraclep0fpassword attacksphishingphishing attackphishing trapportscanpostgresprotocol exploitationpublic administrationpublic infrastructurepublic policyreconnaissanceredisregulatory agenciesremote accessremote servicesresearchedresource hijackingscanscannerscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer botnetserver exploitationservice attackservice scansftpsftp attacksmbsmtpsnmpsocks5software developmentsql injectionsshssh attackssh monitoringsystem accesst-pott1021t1021.001t1021.002t1040t1041t1046t1059.003t1059.005t1071t1071.001t1076t1077t1078t1090t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1210t1486t1496t1499.001t1499.002t1499.003t1505.004t1563t1590t1590.004t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat preventionthreat_activitytor nodetpotunknown threat actorvncvnc protocolvoipvoip attackvulnerability scanvulnerability-exploitationvultrweb app attackweb application attackweb exploitweb exploitationweb trafficweb_attack
Activity Timeline
Jun 11Jun 11
Threat Activity Heatmap
· Peak: 2026-06-11LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
84
SIGNAL
Signal Score
84%
Confidence
16
Reports
First seenMar 9, 2026
Last seenJun 11, 2026
GeolocationDE
CountryGermany
LocationFrankfurt Am Main, NW
ASNAS3214
OrgGreencloud LLC
Coords51.2184, 6.7734
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 109.94.170.0 - 109.94.170.255 netname: GREENCLOUD-DE descr: 365 Group LLC country: DE org: ORG-OTJS2-RIPE admin-c: DN4353-RIPE tech-c: DN4353-RIPE status: ASSIGNED PA mnt-by: xtom mnt-by: mnt-vn-365online-1 mnt-routes: mnt-vn-365online-1 mnt-domains: mnt-vn-365online-1 created: 2024-11-12T21:36:56Z last-modified: 2025-04-02T08:04:52Z source: RIPE organisation: ORG-OTJS2-RIPE org-name: Greencloud LLC country: VN org-type: LIR address: HD09-SP.BH-10, Duong Bien Ho, KDT Vinhomes Ocean Park, Xa Da Ton, Huyen Gia Lam address: address: Hanoi address: VIET NAM phone: +19095473866 admin-c: DN4353-RIPE tech-c: DN4353-RIPE abuse-c: AR60478-RIPE mnt-ref: mnt-vn-365online-1 mnt-ref: xtom mnt-ref: XSWL-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: mnt-vn-365online-1 created: 2020-06-11T07:48:00Z last-modified: 2025-04-02T07:45:11Z source: RIPE # Filtered role: Dzung Nguyen address: 16192 Coastal Highway Lewes address: 19958 address: DE address: USA phone: +19095473866 nic-hdl: DN4353-RIPE mnt-by: mnt-vn-365online-1 created: 2020-06-11T07:47:59Z last-modified: 2020-07-07T08:09:55Z source: RIPE # Filtered abuse-mailbox: [email protected] route: 109.94.170.0/24 origin: AS3214 mnt-by: xtom created: 2021-01-13T12:02:23Z last-modified: 2021-01-13T12:02:23Z source: RIPE route: 109.94.170.0/24 origin: AS3258 mnt-by: xtom created: 2024-12-23T14:30:05Z last-modified: 2024-12-23T14:30:05Z source: RIPE route: 109.94.170.0/24 origin: AS4785 mnt-by: xtom created: 2024-12-23T14:30:05Z last-modified: 2024-12-23T14:30:05Z source: RIPE route: 109.94.170.0/24 origin: AS6233 mnt-by: xtom created: 2024-12-23T14:30:05Z last-modified: 2024-12-23T14:30:05Z source: RIPE route: 109.94.170.0/24 origin: AS8888 mnt-by: xtom created: 2024-12-23T14:30:05Z last-modified: 2024-12-23T14:30:05Z source: RIPE route: 109.94.170.0/24 origin: AS9312 mnt-by: xtom created: 2024-12-23T14:30:05Z last-modified: 2024-12-23T14:30:05Z source: RIPE route: 109.94.170.0/24 origin: AS949 mnt-by: xtom created: 2024-12-23T14:30:04Z last-modified: 2024-12-23T14:30:04Z source: RIPE
- references
- https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-17/, https://jamesbrine.com.au, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-telnet-bruteforce-ip-list-2026-03-15/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-15/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 13 days ago
Appeared in 16 threat reports