IP · Medium · Signal 75/100
167.71.46.248
Location
Frankfurt am Main, Hessen
ASN
AS14061
DigitalOcean, LLC
First Seen
Jun 26, 2024
Last Seen
Apr 9, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region
Frankfurt am Main, Hessen
ASN
AS14061
Organization
DigitalOcean, LLC
IP Category
Proxy
Proxy server
Feed Intelligence Summary
24 reports · 75% confidence
24
Source reports
75%
Confidence score
Category tags
Activity Timeline
Apr 9
Threat Activity Heatmap
Peak: 2026-04-09
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat Score
High Risk
75
SIGNAL
Signal Score
75%
Confidence
24
Reports
First seen
Jun 26, 2024
Last seen
Apr 9, 2026
Geolocation
DE
Country
Germany
Location
Frankfurt am Main, Hessen
ASN
AS14061
Org
DigitalOcean, LLC
Coords
50.1109, 8.6821
Proxy
VirusTotal
Not checked
WHOIS
- description
- 2025-02-07T12:21:02.658Z Honeypot : Dionaea : Source: 167.71.46.248 : Port: 1723 Connection: {'protocol': 'pptpd', 'type': 'accept', 'transport': 'tcp'}
- references
- https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 24 threat reports