IOC Radar
IPMediumSignal 22/100

159.223.28.67

Location
GermanyGermany
Frankfurt am Main, Hesse
ASN
AS14061
DigitalOcean, LLC
First Seen
Sep 14, 2024
Last Seen
Mar 31, 2026
Sep 14
First Seen
636d ago
Mar 31
Last Seen
72d ago
7
Reports
source reports
22%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
22%
Signal Score
22 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

28 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hesse
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

7 reports22% confidence
7
Source reports
22%
Confidence score
Category tags
active scanactive scanningapacheattackbankingbotnetbotnet activitybrute forcebrute force attackbrute force attemptsciscocisco devicecisco exploitation attemptscommand and controlconpotconpot honeypotcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingcredit card servicesdata exfiltrationdata store exposureddosdedecoy systemdenial of servicedevice managementdistributed attacksemailenterprise networkingeuropeexploitation activityexploitsfinancefinance and insurancefinancial servicesfinancial technologygermanyics securityidentity & access exploitationindicatorindustrial control systemsinjection activityiot device targetingiot securityiot/ics attackipphoney honeypotmailoney honeypotmalicious activitymalicious softwaremalwarenetworknetwork infrastructurenetwork probingnetwork scanningnetwork securitynorth americapassword attackspayment processingphishingphishing attackphishing trapprocess injectionreconnaissanceresearchedscanning activitysftpsftp attacksocial engineeringsshssh attackssh monitoringsurface webt1041t1046t1055t1059t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003telecommunicationsthreat actorthreat intelligencetor nodeunited stateswealth managementweb application attackweb exploitationweb scanner

Activity Timeline

1 total obs
Mar 31Mar 31

Threat Activity Heatmap

· Peak: 2026-03-31
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
22
SIGNAL
Signal Score
22%
Confidence
7
Reports
First seenSep 14, 2024
Last seenMar 31, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hesse
ASNAS14061
OrgDigitalOcean, LLC
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
2025-01-30T10:30:33.326149857Z Honeypot : Ipphoney : Source: 159.223.28.67 : Port: 631 Query: N/A request_method: GET
raw
inetnum: 159.220.0.0 - 159.223.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2019-01-07T10:46:51Z last-modified: 2019-01-07T10:46:51Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 7 threat reports