IOC Radar
IP · Medium · Signal 63/100

128.14.225.253

Location
Germany
Frankfurt Am Main, Hesse
ASN
AS135377
UCLOUD
First Seen
Nov 28, 2022
Last Seen
Jun 6, 2026
Reports: 30 source reports
Confidence: 63% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

59 techniques

Network Information

Country: Germany (DE)
Region: Frankfurt Am Main, Hesse
ASN: AS135377
Organization: UCLOUD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 30
Confidence score: 63%
Category tags

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (Signal Score 63)
Confidence: 63%
Reports: 30
First seen: Nov 28, 2022
Last seen: Jun 6, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt Am Main, Hesse
ASN: AS135377
Org: UCLOUD
Coords: 50.1109, 8.6821
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot

IOC Journey

medium
First detected 3 years ago · Last seen 4 days ago
Appeared in 30 threat reports