IOC Radar
IPMediumSignal 85/100

164.90.237.71

Location
GermanyGermany
Frankfurt am Main, HE
ASN
AS14061
DigitalOcean, LLC
First Seen
Oct 10, 2024
Last Seen
Jun 12, 2026
Oct 10
First Seen
625d ago
Jun 12
Last Seen
15d ago
22
Reports
source reports
85%
Confidence
medium
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

21 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, HE
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

22 reports85% confidence
22
Source reports
85%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningapacheapache attackerattackautomated threatbad reputationbad web botblocklistblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute-forcebruteforceciscocisco devicecivil servicescloud computingcloud infrastructurecloud infrastructure attackcloud migrationcloud securitycloud servicescloud storagecommunication protocolcowriecowrie honeypotcredential accesscredential attackscredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdedecoy systemdenial of servicedevice managementdhcpdigital oceandionaeadionaea honeypotelasticsearchenterprise networkingeuropeexploitexploit attemptexploitation activityexploited hostexternal access attemptsfattftpftp brute-forcegermanygovernment technologyhackinghoneytrap honeypothttp/sidentity & access exploitationimapindicatorinformation technologyinitial accessinjection activityinjection attacksinternet-facing attackiot securityiot targetedipv4it infrastructurelampldaplinux systemsmailoney honeypotmalicious activitymalwaremalware behaviourmalware capturemssqlmulti-cloud managementnetworknetwork infrastructurenetwork intrusionnetwork reconnaissancenetwork scanningnetwork securitynetwork servicesntporaclep0fpassword attacksphishingphishing attackphishing trapportscanpostgresproject-gifted1project_gifted1protocol exploitationpublic administrationpublic infrastructurepublic policyransomwarereconnaissanceredisregulatory agenciesresearchedresource hijackingscale-testscanscannerscannerssensor-taggedsentrypeer botnetservice scansftpsftp attacksipsmbsnmpsocks5socradar honeypotsoftware developmentsovereign-assetspamsql injectionsshssh attackssh monitoringssh-brute-forcestrike05t-pott1040t1041t1046t1059.003t1071.001t1078t1078: valid accountst1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1590.006t1595.001t1595.002t1595.002: vulnerability scanningt1595.003tannertargeting databasetelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotv5-automationvncvoipvoip attackvulnerability scanvulnerability-exploitationvultrweb app attackweb application attackweb exploitationweb spamwhale_agentsworker_strike

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

· Peak: 2026-06-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
85
SIGNAL
Signal Score
85%
Confidence
22
Reports
First seenOct 10, 2024
Last seenJun 12, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, HE
ASNAS14061
OrgDigitalOcean, LLC
Coords50.1188, 8.6843

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
NetRange: 164.90.128.0 - 164.90.255.255 CIDR: 164.90.128.0/17 NetName: DIGITALOCEAN-164-90-128-0 NetHandle: NET-164-90-128-0-1 Parent: NET164 (NET-164-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: DigitalOcean, LLC (DO-13) RegDate: 2019-08-19 Updated: 2020-04-03 Comment: Routing and Peering Policy can be found at https://www.as14061.net Comment: Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse Ref: https://rdap.arin.net/registry/ip/164.90.128.0 OrgName: DigitalOcean, LLC OrgId: DO-13 Address: 105 Edgeview Drive, Suite 425 City: Broomfield StateProv: CO PostalCode: 80021 Country: US RegDate: 2012-05-14 Updated: 2025-04-11 Ref: https://rdap.arin.net/registry/entity/DO-13 OrgNOCHandle: NOC32014-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-646-827-4366 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN OrgAbuseHandle: DIGIT19-ARIN OrgAbuseName: DigitalOcean Abuse OrgAbusePhone: +1-646-827-4366 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/DIGIT19-ARIN OrgTechHandle: NOC32014-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-646-827-4366 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrmelbournetest-telnet-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-25/, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 15 days ago
Appeared in 22 threat reports