IOC Radar
IPMediumSignal 47/100

64.227.118.8

Location
GermanyGermany
Frankfurt am Main, Hessen
ASN
AS14061
DigitalOcean, LLC
First Seen
Jun 2, 2025
Last Seen
Mar 31, 2026
Jun 2
First Seen
377d ago
Mar 31
Last Seen
74d ago
16
Reports
source reports
47%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

41 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hessen
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

16 reports47% confidence
16
Source reports
47%
Confidence score
Category tags
abuseactive scanactive scanningapacheapache attackerattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attackscommand and controlcommunication technologiescompromised credential attemptconpot activityconpot attacksconpot honeypotcowrie activitycowrie attackscowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase exploitation attemptsddosddos probedecoy systemdionaea activitydionaea honeypotdionaea interactionsdistributed attackseuropeexploitation activityftp brute forcegermanyhackingheralding activityhoneytrap honeypothttp scanningics securityidentity & access exploitationindicatorindustrial control systemsinjection activityiot securityiot/ics attackipphoney activityipphoney honeypotlamplamp attacklamp exploit attemptslamp exploitation attemptsmalicious activitymalicious payload detectionmalicious probingmalicious softwaremalwaremalware behaviourmalware capturemobile carriersmobile networksnetworknetwork intrusion attemptsnetwork scanningnetwork securityodin-benignpassword attacksphishingphishing attackprocess injectionransomwarereconnaissanceresearchedscannersftp activitysftp attacksftp attemptssocial engineeringsocradar honeypotssh attackssh monitoringt1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1021.008t1041t1046t1055t1059t1068t1071.001t1078t1078.001t1078.002t1078.003t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204.002t1486t1496t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1595t1595.001t1595.002t1595.003tannertelecom servicestelecommunicationsthreat actorthreat detectionthreat intelligencetor nodeunauthorized access attemptsverified-benignweb application attacks

Activity Timeline

1 total obs
Mar 31Mar 31

Threat Activity Heatmap

· Peak: 2026-03-31
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
47
SIGNAL
Signal Score
47%
Confidence
16
Reports
First seenJun 2, 2025
Last seenMar 31, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hessen
ASNAS14061
OrgDigitalOcean, LLC
Coords50.1188, 8.6843

VirusTotal

Not checked

WHOIS

description
2025-06-06T09:31:26.622272384Z Honeypot : Ipphoney : Source: 64.227.118.8 : Port: 631 Query: {'request_id': '00000001', 'version': '2.1', 'groups': [{'group_type': 'Operation-Attributes-Tag', 'attributes': [{'attribute_name': 'attributes-charset', 'attribute_type': 'charset', 'attribute_value': ['utf-8']}, {'attribute_name': 'attributes-natural-language', 'attribute_type': 'language', 'attribute_value': ['en-us']}, {'attribute_name': 'printer-uri', 'attribute_type': 'uri', 'attribute_value': ['ipp://99.18.26.18:631/ipp']}, {'attribute_name': 'requested-attributes', 'attribute_type': 'keyword', 'attribute_value': ['all']}]}], 'operation': 'Get-Printer-Attributes'} request_method: POST
raw
inetnum: 64.226.192.0 - 64.235.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2024-04-03T13:54:22Z last-modified: 2024-04-03T13:54:22Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 16 threat reports