IOC Radar
IP · Medium · Signal 67/100

130.61.28.82

Location
Germany
Frankfurt am Main, Hessen
ASN
AS31898
Oracle Cloud Infrastructure (eu-frankfurt-1)
First Seen
Jan 24, 2026 (154d ago)
Last Seen
Jun 12, 2026 (15d ago)
Reports
24 source reports
Confidence
67% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hessen
ASN: AS31898
Organization: Oracle Cloud Infrastructure (eu-frankfurt-1)

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 24
Confidence score: 67%
Category tags
abuse, account compromise, active scan, active scanning, active-attack, adbhoney honeypot, aerospace & defense, apache, apache attacker, apt, attack, australia, authentication, authentication attempt, automated attack, bad reputation, bad web bot, banking, blocklist_all, blog spam, bothammer, botnet, botnet activity, botnet-activity, brute force, brute force attack, brute force attempts, brute-force, c2 communication, cisco brute force, cisco device, cisco device attack, cisco exploitation attempt, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, command & control, command and control, communication protocol, communication technologies, compromised system, conpot honeypot, consumer goods, cowrie activity, cowrie attacks, cowrie data, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential theft, credential_access, credit card services, cyberattack, daily-threat-feed, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, de, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, denial-of-service, device management, digital ocean, dionaea activity, dionaea attacks, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch monitoring, enterprise networking, europe, exploit, exploitation, exploitation activity, exploited host, external_threat, fatt, file, finance, financial services, financial technology, france, fraud, fraudulent activity, ftp, ftp brute force, ftp brute-force, germany, hacking, honeytrap data, honeytrap honeypot, http brute force, http scanner, http scanning, https, ics security, identity & access exploitation, industrial control systems, information technology, initial access, injection activity, injection attacks, intrusion detection, ioc, iot security, iot targeted, iot/ics attack, ip-threat-feed, ipqs, ipv4, it infrastructure, lamp, lamp attack, lamp exploitation attempts, lamp stack attack, lamp stack targeting, lateral movement, login attempt, mailoney honeypot, malicious activity, malicious activity detected, malicious file transfer, malicious network activity, malicious payload, malicious software, malware, malware behaviour, malware capture, malware distribution, media, military operations, mobile carriers, mobile networks, national security, network, network attacks, network infrastructure, network intrusion attempts, network probing, network protocol, network scanning, network security, network service scanning, network traffic analysis, network_scan, oceania, opencti, p0f, password attacks, payment processing, phishing, phishing attack, phishing trap, possible malware distribution, possible mirai variant, process injection, protocol exploitation, proxy, proxy detection, ransomware, rdp exploitation, realtime-waf, reconnaissance, redis honeypot, remote access, remote access attempt, remote services, researched, resource hijacking, retail trade, scams & fraud, scan, scanner, scanners, scanning activity, scripting attacks, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, service scan, sftp activity, sftp attack, sftp attempt, sftp exploitation attempts, siem, sip brute force, sip scanning, smtp, smtp brute force, smtp enumeration, smtp probing, social engineering, socradar honeypot, software development, spam, spamming, ssh, ssh attack, ssh exploitation, ssh monitoring, t1016, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1047, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1195, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1567.001, t1584, t1589, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, telecom services, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat_intelligence, tor detection, tor node, tpot, udp port scan, unauthorized access attempt, unauthorized access attempts, voip, voip attack, vpn, vpn detection, vulnerability scan, vultr_platform_activity, wealth management, web app attack, web application attack, web application scanning, web attack, web attacks, web exploitation, web spam, web traffic, web-exploitation

Activity Timeline

1 total obs (Jun 12)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun to Jun. Peak: 2026-06-12]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 67
Confidence: 67%
Reports: 24
First seen: Jan 24, 2026
Last seen: Jun 12, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hessen
ASN: AS31898
Org: Oracle Cloud Infrastructure (eu-frankfurt-1)
Coords: 50.1049, 8.6295
Proxy, VPN

VirusTotal

Not checked

WHOIS

Oracle Corporation OC-195 (NET-130-61-0-0-1) 130.61.0.0 - 130.61.255.255
Oracle Public Cloud OOC-195 (NET-130-61-0-0-2) 130.61.0.0 - 130.61.255.255

IOC Journey

medium
First detected 5 months ago · Last seen 15 days ago
Appeared in 24 threat reports