IOC Radar
IPMediumSignal 59/100

64.226.81.53

Location
GermanyGermany
Frankfurt am Main, Hessen
ASN
AS14061
DigitalOcean, LLC
First Seen
Dec 2, 2025
Last Seen
May 22, 2026
Dec 2
First Seen
192d ago
May 22
Last Seen
21d ago
16
Reports
source reports
59%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

28 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hessen
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

16 reports59% confidence
16
Source reports
59%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney honeypotapacheapache attackerattackaustraliaauthentication attemptbad reputationbad web botblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksciscocisco devicecommand and controlcommunication protocolcompromised credentialsconnected devicesconpotconpot honeypotcowriecowrie datacowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdedecoy systemdenial of servicedevice managementdionaeadionaea honeypotelasticpot honeypotelasticsearch monitoringemailenterprise networkingeuropeexploitexploitation activityexploitation attemptsexploited hostfattftp brute forcegermanyhackinghoneytrap honeypothttp brute forcehttp scanningics securityidentity & access exploitationindicatorindustrial control systemsindustrial iotinternet of thingsintrusion detectioniociot analyticsiot applicationsiot platformsiot securityiot targetediot/ics attackipphoney honeypotlamplamp stack attacklateral movementlateral movement attemptlogin attemptmailoney honeypotmalicious activitymalicious trafficmalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningnorth americaoceaniaodin-benignopenctip0fpassword attackspassword sprayingphishingphishing attackphishing trappossible malware infectionpossible mirai variantprotocol exploitationransomwarereconnaissanceredis honeypotredishoneypotredishoneypot activityremote access attemptresearchedresource hijackingsansscannerscripting attackssensor-taggedsentrypeer botnetsentrypeer sip attacksservice scansftpsftp access attemptssftp activitysftp attacksftp attackssipsip attackssip vulnerability scansmart devicessmtp brute forcesocial engineeringsocradar honeypotspamsshssh attackssh monitoringt1021t1021.004t1040t1041t1059t1059.004t1059.007t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1496t1499.001t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotudp port scanunauthorized login attemptsunited statesverified-benignvoipvoip attackvulnerability scanweb app attackweb application attackweb attackweb exploitationweb spam

Activity Timeline

1 total obs
May 22May 22

Threat Activity Heatmap

· Peak: 2026-05-22
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
59
SIGNAL
Signal Score
59%
Confidence
16
Reports
First seenDec 2, 2025
Last seenMay 22, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hessen
ASNAS14061
OrgDigitalOcean, LLC
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

raw
inetnum: 64.226.56.0 - 64.226.155.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2021-11-09T15:01:41Z last-modified: 2021-11-09T15:01:41Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 6 months ago · Last seen 21 days ago
Appeared in 16 threat reports