IP · Medium · Signal 100/100
172.104.238.162
Location
Frankfurt am Main, Hesse
ASN
AS63949
Linode
First Seen
Jun 2, 2021
Last Seen
Jan 28, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
Germany
Region
Frankfurt am Main, Hesse
ASN
AS63949
Organization
Linode
Feed Intelligence Summary
20 reports, 99% confidence
20
Source reports
99%
Confidence score
Category tags
abuse, account discovery, ack, ack scan, active scanning, banner grabbing attempt, botnet, brute force, brute force attack, brute force attempt, c2, cert, command and control, communication protocol, connect scan, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, decoy system, denial of service, distributed attacks, enumeration, enumeration attempt, europe, external network scan, external scan, fin, fin port scan, fin scan, firewall detection probe, firewall evasion, ftp, ftp brute force, germany, http brute force, http probing, http scanner, icmp, indicator, information gathering, infrastructure discovery, initial access, lateral movement, malicious software, malware, manual, mass scanning, mass scanning activity, masscan, masscan activity, massive port scan, network, network attacks, network discovery, network enumeration, network mapping, network port scanning, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, nmap, nmap scan detected, null port scan, null scan, open port detection, open port discovery, open port enumeration, open ports, os detection, os fingerprinting attempt, password attacks, password cracking, phishing attack, possible malicious activity, possible reconnaissance, possible reconnaissance activity, possible vulnerability probing, potential exploit targeting, potential intrusion attempt, potential reconnaissance activity, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, potential vulnerability scanning, process injection, protocol exploitation, reconnaissance, reconnaissance activity, remote access, remote services, researched, scan, scanner, scanning activity, security event, service detection, service discovery, service enumeration, service version detection, social engineering, socradar, ssh attack, stealth, stealth scan, stealthmode_scanopticon-benign, suspected malicious activity, syn, syn port scan, syn scan, system discovery, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1040, t1046, t1055, t1059, t1068, t1071.001, t1076, t1077, t1078, t1082, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1213, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1589, t1589.001, t1589.002, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telnet threat, threat intelligence, tsec, udp port scan, unauthorized access attempt, unsolicited port access, verified-benign, web traffic, xmas, xmas port scan, xmas scan
Activity Timeline
Jan 28
Threat Activity Heatmap · Peak: 2026-01-28
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 20
First seen: Jun 2, 2021
Last seen: Jan 28, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS63949
Org: Linode
Coords: 50.1169, 8.6837
VirusTotal
Not checked
WHOIS
- description
- Port Scan 2023-12-27T22:48:18.050Z -> 172.104.238.162 scanned port 995 on one of our servers
IOC Journey
Medium · First detected 5 years ago · Last seen 4 months ago
Appeared in 20 threat reports