IOC Radar
IP · Medium · Signal 80/100

64.226.65.160

Location
Germany
Frankfurt am Main, Hesse
ASN
AS14061
DigitalOcean, LLC
First Seen
Jun 26, 2024 (725d ago)
Last Seen
Jun 2, 2026 (19d ago)
Reports
32 source reports
Confidence
80% (medium)
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 80%
Signal Score: 80 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 75 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS14061
Organization: DigitalOcean, LLC

Feed Intelligence Summary

Source reports: 32
Confidence score: 80%
Category tags

abuse, abuseipdb, access, access control, active scan, active scanning, adb_protocol, adbhoney activity, adbhoney alerts, adbhoney honeypot, and exploitation attempts, apache, apache attacker, application layer protocol, application reconnaissance, apt, attack, australia, authentication, authentication attempts, auto-generated security, automated attacks, automated-attack, bad ip's, bad reputation, bad web bot, banking, blocklist_all, blog spam, botnet, botnet activity, brazil, brute, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, brute_force_attack, bruteforce, c2 communication, c2 server, cert, cisco attack, cisco device, cisco device targeting, cisco exploit attempts, cisco exploitation attempts, cisco logs, cloud computing, cloud migration, cloud security, cloud storage, cms detection, command & control, command and control, command execution, command injection, communication protocol, compromised host, compromised hosts, conpot activity, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, cowrie interaction, cowrie logs, cowrie ssh attacks, credential access, credential attack, credential harvesting, credential stuffing, credential-stuffing, credential_access, credential_guessing, credit card services, cve exploitation attempt, data encryption, data exfiltration, data store exposure, data theft, database attack, database attacks, database probing, database security, ddos, ddos attack, ddos attack indicators, ddos attempt, de, decoy system, denial of service, device management, dhcp, digital ocean, dionaea, dionaea activity, dionaea capture, dionaea detection, dionaea honeypot, dionaea logs, dionaea malware collection, directory bruteforcing, directory traversal, distributed attacks, dns, dns attack, elasticsearch, email, encryption, enterprise networking, enumeration, europe, exploit, exploit kit activity, exploit_attempts, exploitation activity, exploitation attempt, exploitation of privilege, exploitation_attempt, exploited host, exploits, fatt, finance, finance and insurance, financial services, financial technology, finland, france, fraud orders, ftp, ftp brute force, ftp brute-force, ftp_protocol, germany, github, groups, hacking, heralding activity, heralding behavior, honeynet connect, honeytrap honeypot, http brute force, http probing, http scanner, http_protocol, https, ics, ics security, identity & access exploitation, imap, industrial control systems, information gathering, information technology, infrastructure acquisitionreconnaissance, initial access, initial_access, injection activity, injection attacks, internet-facing, ioc, iot security, iot targeted, iot/ics attack, ipp_protocol, ipphoney honeypot, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp attack, lamp exploitation attempt, lamp exploitation attempts, lamp server targeting, lamp stack targeting, lateral movement, ldap, leakix-benign, lfi, linux-server-attack, login, login attempt, mail protocol abuse, mailoney honeypot, mailoney logs, malicious activity, malicious login, malicious network activity, malicious payload detection, malicious script execution, malicious software, malicious ssh activity, malicious traffic, malicious-login-attempts, malware, malware attempt, malware behaviour, malware capture, malware delivery attempt, malware distribution, malware download attempt, malware_distribution_attempt, manual, medium-risk, mssql, multi-cloud management, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network monitoring, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, network_device, north america, ntp, oceania, opencti, oracle, owasp, p0f, password attack, password attacks, payment processing, phishing, phishing attack, phishing trapping of death, poland, port-scanning, portscan, possible botnet activity, possible exploit attempt, possible malware propagation, potential exploit activity, potential malicious activity, potential malware activity, process injection, protocol exploitation, protocol-abuse, proxy, python, ransomware, ransomware activity, reconnaissance, reconnaissance activity, remote access, remote services, research, researched, resource hijacking, rfi, rtbh, scams & fraud, scan, scanner, scanners, scanning activity, script, scripting attacks, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer logs, server exploitation, service enumeration, service scan, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp-attack, sftp_protocol, sip, sip brute force, sip scanning, sip_protocol, slug, smb probing, smb_protocol, smtp, smtp brute force, smtp_protocol, social engineering, socks5, software development, spam, sql injection, sql injection attempt, sql injection attempts, ssh, ssh attack, ssh monitoring, ssh-brute, ssh-brute-force, ssh_protocol, ssrf, surface web, system administration, t-pot, t1018, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1047, t1053, t1055, t1056, t1056.001, t1059, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1072, t1076, t1077, t1078, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1199, t1203, t1204, t1204.002, t1210, t1486, t1495.001, t1496, t1497, t1499.001, t1499.002, t1499.003, t1505.004, t1550, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1588.004, t1589, t1590, t1590.001, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tanner logs, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, telnet-brute-force, telnet_protocol, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, tpotce, udp scan, unauthenticated access attempts, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempt, unauthorized-access-attempt, unidentified attacker, united kingdom, united states, unknown threat actor, valid accounts, verified-benign, vnc protocol, voip, voip attack, vulnerability scan, vultr, wazuh, wealth management, web app attack, web application attack, web application attacks, web application fingerprinting, web attack, web attack activity, web attacks, web crawler, web exploitation, web scanner, web spam, web traffic, web-application-attack, web_application, web_application_attack, xss

Activity Timeline

1 total observation (Jun 2)

Threat Activity Heatmap

[Heatmap, Jun 2025 to Jun 2026; one observed day] · Peak: 2026-06-02

Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 1 (Minimal)
Last 3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 32
First seen: Jun 26, 2024
Last seen: Jun 2, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 37.7510, -97.8220 (inconsistent with the Frankfurt location above)

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=DE; ports=9762 Location=Sydney, Australia.
raw
inetnum: 64.226.56.0 - 64.226.155.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2021-11-09T15:01:41Z
last-modified: 2021-11-09T15:01:41Z
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7234576030756130817-JU6L?utm_source=share&utm_medium=member_desktop
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
https://s3.i02.estaleiro.serpro.gov.br/blocklist/blocklist.txt
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7207018975610691584-f86H?utm_source=share&utm_medium=member_desktop

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 19 days ago
Appeared in 32 threat reports