IOC Radar
IP · Medium · Signal 21/100

217.15.165.7

Location: Singapore (Singapore, North West)
ASN: AS141995, Contabo GmbH
First Seen: Jan 23, 2025 (504d ago)
Last Seen: Apr 7, 2026 (65d ago)
Reports: 5 source reports
Confidence: 21% (medium)
VirusTotal: 1/91 detections
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 21%
Signal Score: 21 / 100
IDS Rule: No
MITRE ATT&CK TTPs

36 techniques

Network Information

Country: SG (Singapore)
Region: Singapore, North West
ASN: AS141995
Organization: Contabo GmbH

Feed Intelligence Summary

Source reports: 5
Confidence score: 21%
Category tags: access, active scan, active scanning, adbhoney activity, adbhoney honeypot, amadey, amadey bot, asia, asyncrat, attack, blacklist host, botnet, botnet activity, brazil, brute force, change healthcare, command and control, communication protocol, cowrie, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential harvesting, credential stuffing, cryptocurrency, cryptocurrency threats, cryptojacking, csrmirt team, data encryption, data exfiltration, data store exposure, decoy system, denmark, dionaea, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, email, encryption, europe, exploitation activity, extortion, finance, ftp brute force, germany, github, groups, honeytrap activity, honeytrap honeypot, identity & access exploitation, index, indicator, indonesia, information stealer, information technology, infostealer, injection activity, lamp, lamp attack, lamp stack attack, latest spambot, lumma, lumma stealer, mailoney activity, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, mobile, mobile security, mozi, mozi botnet, network, network security, paraguay, phishing, phishing attack, phishing trap, process injection, python, ransomware, reconnaissance, remote access trojan, researched, resource hijacking, scanner, script, scripting attacks, sentrypeer activity, sentrypeer botnet, sftp, sftp activity, sftp attack, sg, singapore, sip, sip scanning, slug, social engineering, south america, spam, spambot, ssh, ssh attack, ssh monitoring, stealc, stealc stealer, surface web, system disruption, t1040, t1041, t1055, t1059, t1059.004, t1059.007, t1064, t1071.001, t1078, t1078.001, t1078.004, t1105, t1110, t1110.001, t1110.002, t1190, t1203, t1204, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1547, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, tech mahindra, telecommunications, threat actor, threat detection, threat intelligence, threat report, tor node, tpotce, ukraine, urlhaus, voip, voip attack, web attack, web exploitation, xworm

Activity Timeline

1 total obs (Apr 7 to Apr 7)

Threat Activity Heatmap

Peak: 2026-04-07
[Calendar heatmap: activity by weekday, Jun through Jun, shaded from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, is categorized with a low score of 21.23, suggesting it is currently assessed as low-risk or potentially benign. While its presence in multiple threat intelligence feeds is noted, indicating some historical or potential association with malicious activities, its current risk profile does not suggest an immediate, high-severity threat. There is no corroborating evidence from the provided data to suggest active malicious engagement directly attr…

Threat Score: Low Risk
Signal Score: 21
Confidence: 21%
Reports: 5
First seen: Jan 23, 2025
Last seen: Apr 7, 2026
Geolocation: SG
Country: Singapore
Location: Singapore, North West
ASN: AS141995
Org: Contabo GmbH
Coords: 55.7123, 12.0564

VirusTotal

1 / 91 vendors flagged
1% detection rate · Jun 3, 2026

WHOIS

description
2025-02-02T04:23:51.102Z Honeypot : Tanner : Source: 217.15.165.7 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': '5d53d58d-c9e9-4b49-918e-17303229bc71'}}}
raw
inetnum: 217.0.0.0 - 217.255.255.255
netname: RIPE-CIDR-BLOCK
descr: Not allocated by APNIC
remarks: ------------------------------------------------------
remarks:
remarks: Important:
remarks:
remarks: Details of networks in this range are not registered
remarks: in the APNIC Whois Database.
remarks:
remarks: Please search the RIPE Whois Database, which contains
remarks: details of IP addresses allocated in Europe, the
remarks: Middle East, and northern Africa:
remarks:
remarks: website: http://www.ripe.net/perl/whois
remarks: command line: whois.ripe.net
remarks:
remarks: ------------------------------------------------------
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2008-09-04T06:51:29Z
source: APNIC
role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC
references
https://urlhaus.abuse.ch/, https://any.run/malware-trends/

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 5 threat reports