IOC Radar
IPMediumSignal 100/100

157.230.21.177

Location
GermanyGermany
Frankfurt am Main, Hesse
ASN
AS14061
DigitalOcean, LLC
First Seen
Feb 3, 2022
Last Seen
Mar 15, 2026
Feb 3
First Seen
1606d ago
Mar 15
Last Seen
105d ago
21
Reports
source reports
99%
Confidence
medium
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

34 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hesse
ASNAS14061
OrganizationDigitalOcean, LLC

IP Category

Hosting
Hosting provider

Feed Intelligence Summary

21 reports99% confidence
21
Source reports
99%
Confidence score
Category tags
abuseactive scanningadbhoney activityadbhoney honeypotattackbankingbotnetbrute forcebrute force attackcommand and controlcommunication protocolcowrie activitycowrie attackcowrie honeypotcredential accesscredential harvestingcredential stuffingcredit card servicesctadata exfiltrationdedecoy systemdenial of servicedionaea activitydionaea attackdionaea honeypotdistributed attackseuropeexploit public-facing applicationfinancefinance and insurancefinancial servicesfinancial technologyftp brute forcegermanyhoneytrap activityhoneytrap honeypotimapimap attackindicatorinitial accessipphoney honeypotlamplamp attacklamp exploit attemptslamp exploitation attemptslamp stack attackloginmailoney activitymailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork probingnetwork scanningnetwork securitynetwork service scanningnorth americapassword attackspayment processingphishingphishing attackphishing trapprocess injectionprotocol exploitationreconnaissanceresearchedresource hijackingscannerscanning activityscripting attackssentrypeer activitysentrypeer botnetsftp activitysftp attacksip scanningsocial engineeringsocradar honeypotssh attackssh monitoringt1021t1040t1041t1046t1055t1059t1059.004t1059.007t1071.001t1078t1078.001t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertanner attacktelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetpotceunited statesvoipvoip attackwealth managementweb application attackweb attackweb exploitationweb scanner

Activity Timeline

1 total obs
Mar 15Mar 15

Threat Activity Heatmap

· Peak: 2026-03-15
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
21
Reports
First seenFeb 3, 2022
Last seenMar 15, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hesse
ASNAS14061
OrgDigitalOcean, LLC
Coords50.1169, 8.6837
Hosting

VirusTotal

Not checked

WHOIS

description
2025-02-03T19:38:32.420Z Honeypot : Tanner : Source: 157.230.21.177 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'sess_uuid': '48a981bc-4251-4593-a69f-c91e9fab9f16', 'detection': {'version': '0.6.0', 'order': 0, 'name': 'unknown', 'type': 1}}}}
raw
inetnum: 157.229.0.0 - 157.230.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2019-01-07T10:47:15Z last-modified: 2019-01-07T10:47:15Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 3 months ago
Appeared in 21 threat reports