IOC Radar
IP · Medium · Signal 100/100

188.166.162.52

Location
Germany
Frankfurt am Main, Hesse
ASN
AS14061
Digitalocean
First Seen
Mar 12, 2025 (458d ago)
Last Seen
Apr 24, 2026 (51d ago)
Reports
23 source reports
Confidence
99% (medium)
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
MITRE ATT&CK TTPs

24 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS14061
Organization: Digitalocean

IP Category

Proxy
Proxy server
Hosting
Hosting provider

Feed Intelligence Summary

23 source reports · 99% confidence score
Category tags
abuse, access control, active scan, active scanning, attack, authentication, authentication attacks, automated attack, automated attacks, automated threat, bad reputation, botnet, botnet activity, brute force, brute force attack, brute-forc, brute-force, command and control, cowrie honeypot, credential access, credential stuffing, cta, data exfiltration, data store exposure, de, decoy system, distributed attacks, europe, exploitation activity, failed login attempts, ftp, ftp brute force, germany, http brute force, identity & access exploitation, info, injection activity, intrusion detection, malicious activity, malicious software, malware, network, network reconnaissance, network scanning, network security, network security monitoring, notice, password attacks, password cracking, process injection, proxy, rate limiting triggered, reconnaissance, remote access attempts, researched, rule based detection, scanner, security operations, security policy, service exploitation attempts, ssh, ssh attack, ssh monitoring, t1021, t1021.001, t1040, t1055, t1059, t1059.004, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat intelligence, threat prevention, tor node, united kingdom

Activity Timeline

1 total obs
Apr 24

Threat Activity Heatmap

Peak: 2026-04-24
[Heatmap figure: activity by weekday (Mon, Wed, Fri shown), months Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents a critical and immediate threat to organizational security, demanding urgent attention. With a score of 100 and no whitelist status, the IP address `188.166.162.52` is unequivocally associated with highly malicious activities, primarily characterized by extensive brute-force attacks and network scanning. Its presence in numerous authoritative threat intelligence feeds underscores a widespread consensus regarding its hostile nature. Unaddressed, this …

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 23
First seen: Mar 12, 2025
Last seen: Apr 24, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS14061
Org: Digitalocean
Coords: 50.1169, 8.6837
Proxy, Hosting

VirusTotal

Not checked

WHOIS

description
Banned by Fail2Ban [sshd]
raw
inetnum: 188.166.160.0 - 188.166.167.255
netname: DIGITALOCEAN
country: DE
admin-c: PT7353-RIPE
tech-c: PT7353-RIPE
status: ASSIGNED PA
mnt-by: digitalocean
created: 2019-04-17T14:04:35Z
last-modified: 2019-04-17T14:04:35Z
source: RIPE

person: DigitalOcean Network Operations
address: 105 Edgeview Drive, Suite 425
address: Broomfield, Colorado 80021
address: United States of America
phone: +16468274366
nic-hdl: PT7353-RIPE
mnt-by: digitalocean
created: 2015-03-11T16:37:07Z
last-modified: 2025-04-11T19:39:01Z
source: RIPE # Filtered
org: ORG-DOI2-RIPE
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 23 threat reports