IOC Radar
IPMediumSignal 71/100

64.227.127.44

Location
GermanyGermany
Frankfurt am Main, HE
ASN
AS14061
DigitalOcean, LLC
First Seen
Mar 25, 2025
Last Seen
Feb 22, 2026
Mar 25
First Seen
455d ago
Feb 22
Last Seen
121d ago
14
Reports
source reports
71%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

38 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, HE
ASNAS14061
OrganizationDigitalOcean, LLC

Feed Intelligence Summary

14 reports71% confidence
14
Source reports
71%
Confidence score
Category tags
abuseactive scanningadbhoney honeypotadbhoney interactionsattackauthentication attemptsbankingbotnetbrute forcebrute force attackcommand and controlcommunication protocolcowrie activitycowrie attackscowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingcredit card servicesdata exfiltrationdatabase attackdecoy systemdenial of servicedionaea activitydionaea exploit attemptsdionaea honeypotdionaea malware collectiondistributed attackseuropefinancefinance and insurancefinancial servicesfinancial technologyftp brute forcegermanyhackingimapimap attackindicatorintrusion detectionipphoney dataipphoney honeypotmailoney activitymailoney honeypotmalicious activitymalicious sip activitymalicious softwaremalicious trafficmalwaremalware behaviourmalware capturenetworknetwork intrusionnetwork probingnetwork scanningnetwork securitynetwork service scanningpassword attackspayment processingphishingphishing attackphishing trapprocess injectionreconnaissanceremote servicesresearchedresource hijackingscannerscanning activitysentrypeer activitysentrypeer botnetsentrypeer connectionssftp access attemptssftp attacksip brute forcesip scanningsip vulnerability scansmtpsmtp attackersocial engineeringssh attackssh monitoringt1021t1021.001t1021.002t1021.004t1040t1041t1046t1055t1059t1059.001t1059.004t1071.001t1078t1078.001t1078.002t1078.003t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertanner interactionstelecommunicationsthreat actorthreat intelligencetpotunauthorized access attemptvoipvoip attackwealth managementweb application attackweb exploitationweb scanner

Activity Timeline

1 total obs
Feb 22Feb 22

Threat Activity Heatmap

· Peak: 2026-02-22
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
14
Reports
First seenMar 25, 2025
Last seenFeb 22, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, HE
ASNAS14061
OrgDigitalOcean, LLC
Coords50.1188, 8.6843

VirusTotal

Not checked

WHOIS

description
2025-04-01T10:07:25.753Z Honeypot : Tanner : Source: 64.227.127.44 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': '3f8460e7-4ebc-4fe7-b81b-e74f6c0c1f4a'}}}
raw
inetnum: 64.226.192.0 - 64.235.255.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2024-04-03T13:54:22Z last-modified: 2024-04-03T13:54:22Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 14 threat reports