IOC Radar
IP · Medium · Signal 71/100

47.254.155.21

Location
Germany
Frankfurt am Main, HE
ASN
AS45102
Alibaba Cloud - DE
First Seen
Jun 28, 2024
Last Seen
May 30, 2026
First Seen: Jun 28 (729d ago)
Last Seen: May 30 (28d ago)
Reports: 25 source reports
Confidence: 71% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

69 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, HE
ASN: AS45102
Organization: Alibaba Cloud - DE

Feed Intelligence Summary

Source reports: 25
Confidence score: 71%
Category tags

Activity Timeline

1 total obs
May 30

Threat Activity Heatmap

Peak: 2026-05-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 71
Confidence: 71%
Reports: 25
First seen: Jun 28, 2024
Last seen: May 30, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, HE
ASN: AS45102
Org: Alibaba Cloud - DE
Coords: 50.1188, 8.6843

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded.
references
https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 2 years ago · Last seen 28 days ago
Appeared in 25 threat reports