IP · Medium · Signal 73/100
144.31.89.102
Location
Frankfurt am Main, Hesse
ASN
AS213877
u1host ltd
First Seen
Mar 16, 2026
Last Seen
May 4, 2026
Found in 15 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region
Frankfurt am Main, Hesse
ASN
AS213877
Organization
u1host ltd
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
15 reports · 73% confidence
15
Source reports
73%
Confidence score
Category tags
abuse, access control, active scan, active scanning, aerospace & defense, apt, attack, automated attack, automated attacks, automated threat, bad reputation, banking, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute-force, brute_force, cisco device, civil services, command and control, command execution, communication protocol, communication technologies, consumer goods, cowrie honeypot, credential access, credential attacks, credential brute force, credential bruting, credential stuffing, credential theft, credit card services, data encryption, data exfiltration, data store exposure, database security, de, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, device management, dhcp, dictionary attack, distributed attacks, elasticsearch, encryption, enterprise networking, europe, exploit, exploit attempt, exploitation activity, external access attempts, finance, financial services, financial technology, fraud, fraudulent activity, ftp, germany, government technology, hacking, honeytrap honeypot, http scanner, http/s, identity & access exploitation, imap, indicator, information gathering, information technology, injection activity, injection attacks, internet-facing service, iocs, iot security, ipqs, ipv4, it infrastructure, lamp, lateral movement, ldap, linux servers, linux systems, linux_server_attacks, malicious activity, malicious ip addresses, malicious software, malware, malware distribution, malware_activity, media, microsoft sql server, military operations, mobile carriers, mobile networks, mssql, national security, network, network infrastructure, network monitoring, network probing, network protocol, network reconnaissance, network scanning, network security, network services, ntp, oracle, oracle database, password attacks, payment processing, phishing, process injection, protocol exploitation, proxy, proxy detection, public administration, public infrastructure, public policy, rdp exploitation, reconnaissance, regulatory agencies, remote access, remote services, researched, resource hijacking, retail trade, scams & fraud, scan, scanner, scripting attacks, security operations, security policy, sentrypeer botnet, server exploitation, service enumeration, service scan, service scanning, sftp attack, social engineering, socks5, software development, spam, spamming, sql injection, ssh, ssh attack, ssh exploitation, ssh monitoring, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059.003, t1059.005, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1195, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1566, t1567.001, t1590, t1590.004, t1590.006, t1592.002, t1595, t1595.001, t1595.002, t1595.003, targeting database, telecom services, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor detection, tor node, tpot, unknown threat actor, vnc protocol, voip, voip attack, vpn, vpn detection, vulnerability scan, vulnerability-exploitation, wealth management, web attack, web attacks, web exploitation, web traffic, web_attack
Activity Timeline
May 4
Threat Activity Heatmap
Peak: 2026-05-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score
High Risk
73
SIGNAL
Signal Score
73%
Confidence
15
Reports
First seen
Mar 16, 2026
Last seen
May 4, 2026
Geolocation
DE
Country
Germany
Location
Frankfurt am Main, Hesse
ASN
AS213877
Org
u1host ltd
Coords
50.1169, 8.6837
Proxy
VPN
VirusTotal
Not checked
WHOIS
- description
- 2026-03-16T16:55:55.000Z Honeypot : Honeytrap : Source: 144.31.89.102 : Port: 2222 Message: {'protocol': 'tcp', 'payload': {'sha512_hash': '4a10eb30789cac63757289093c81dde877d6caff293379f2fa077bd20d79b4445834113087a1723ad81aae6aaf034184d3f3cca7f6143e130313831ce04060dc', 'md5_hash': '6d77b1f2c88d516169b8623a90b65b2c', 'length': 24, 'data_hex': '5353482d322e302d6c6962737368325f312e31312e310d0a'}}
IOC Journey
medium · First detected 3 months ago · Last seen 1 month ago
Appeared in 15 threat reports