IOC Radar
IPMediumSignal 90/100

62.171.133.187

Location
GermanyGermany
Frankfurt am Main, Hesse
ASN
AS51167
Contabo GmbH
First Seen
Mar 12, 2026
Last Seen
Jun 11, 2026
Mar 12
First Seen
103d ago
Jun 11
Last Seen
12d ago
21
Reports
source reports
90%
Confidence
medium
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
90%
Signal Score
90 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hesse
ASNAS51167
OrganizationContabo GmbH

Feed Intelligence Summary

21 reports90% confidence
21
Source reports
90%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningadb attacksadbhoney honeypotapacheapache attackerattackattack preparatoryaustraliaautomated attackautomated threatbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute-forcebrute-force-attackbrute_forcecanadacisco devicecisco device attackscloud infrastructurecloud infrastructure attackcloud providercloud servicescloud-infrastructurecloud_infrastructurecommand and controlcommand executioncommunication protocolconpot honeypotcowrie activitycowrie attackscowrie honeypotcredential accesscredential access attemptscredential attackscredential brutingcredential guessingcredential harvestingcredential stuffingcredential-accesscredential-stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdhcpdictionary attackdigital oceandigitalocean environmentdigitalocean platformdionaea activitydionaea attacksdionaea honeypotdiscovery phasedistributed attackselasticsearchencryptionenterprise networkingenumerationeuropeexploit attemptexploitation activityexploited hostexternal access attemptsexternal threatexternal-threatfattfrfranceftpftp attacksftp brute forceftp brute-forcegermanyhackinghoneytrap honeypothttp scannerhttp scanninghttp/sics securityics/scada attacksidentity & access exploitationimapindicatorindicators of compromiseindustrial control systemsinformation gatheringinitial access activityinitial access vectorinjection activityinjection attacksinternet facing assetinternet-facinginternet-facing serviceinternet-wide scaniocsiot attacksiot securityiot targetediot/ics attackipv4ipv4-addresseslamplamp attacklamp exploitation attemptslamp stack targetinglateral movementldaplinux systemslinux_server_attacksmailoney honeypotmalicious activitymalicious activity detectedmalicious ipsmalicious trafficmalicious-activitymalicious-scanmalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmalware download attemptsmalware_activitymicrosoft sql servermssqlnetworknetwork discoverynetwork infrastructurenetwork intrusion attemptsnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork scanning activitynetwork securitynetwork servicesnetwork-devicesnetwork-reconnaissancenetwork_reconnaissancenorth americantpoceaniaoracleoracle databasep0fpassword attackspassword-guessingphishingphishing attackphishing trapping of deathport-scanningpossible malware distributionprotocol exploitationransomwarereconnaissanceremote accessremote servicesresearchedresource hijackingscanscannerscanner ipsscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetserver exploitationservice enumerationservice scanservice-discoverysftp attacksip attackssmb attackssmtpsmtp brute forcesocial engineeringsocks5socradar honeypotspamsql injectionssh attackssh monitoringsystem accesst1018t1021t1021.001t1021.002t1040t1041t1046t1059t1059.003t1059.005t1059.007t1071t1071.001t1076t1077t1078t1090t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1505.004t1563t1566t1566.001t1566.002t1566.003t1566.004t1590t1590.004t1590.005t1590.006t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp port scanningtcp-scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetorontotpotudp port scanningudp-scanunauthorized access attemptunauthorized_access_attemptunited kingdomunknown threat actorvnc protocolvoipvoip attackvulnerability scanvulnerability-scanningweb app attackweb application attackweb application scanningweb attackweb attacksweb exploitweb exploitationweb spamweb trafficweb-serversweb_attack

Activity Timeline

1 total obs
Jun 11Jun 11

Threat Activity Heatmap

· Peak: 2026-06-11
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
90
SIGNAL
Signal Score
90%
Confidence
21
Reports
First seenMar 12, 2026
Last seenJun 11, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hesse
ASNAS51167
OrgContabo GmbH
Coords50.1169, 8.6837

VirusTotal

Not checked

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 months ago · Last seen 12 days ago
Appeared in 21 threat reports