IOC Radar

8.211.45.218
IPv4 indicator · Signal: medium, 61/100

Location: Frankfurt am Main, HE, Germany
ASN: AS45102 (Alibaba.com Singapore E-Commerce Private Limited)
First seen: Jun 26, 2024 (717 days ago)
Last seen: Jun 3, 2026 (10 days ago)
Source reports: 29
Confidence: 61% (medium)

Found in 29 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context

Tags: see Category tags under Feed Intelligence Summary.

MITRE ATT&CK TTPs (82 techniques, as tagged across the source reports):
T1005, T1016, T1018, T1021, T1021.001, T1021.002, T1021.003, T1021.004, T1027, T1040, T1041, T1046, T1053, T1055, T1059, T1059.003, T1059.004, T1059.007, T1068, T1071, T1071.001, T1076, T1077, T1078, T1078.001, T1078.002, T1078.004, T1083, T1087, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1134, T1187, T1189, T1190, T1195, T1199, T1203, T1204.002, T1210, T1486, T1496, T1499.001, T1499.002, T1499.003, T1505.002, T1550, T1550.002, T1550.003, T1555, T1555.003, T1563, T1565, T1566.001, T1566.002, T1566.003, T1566.004, T1572, T1573, T1573.001, T1583, T1587.001, T1588, T1588.002, T1588.006, T1589, T1589.002, T1590, T1590.001, T1590.005, T1590.006, T1592, T1592.002, T1595, T1595.001, T1595.002, T1595.003

These IDs are the union of what 29 different feeds asserted, not techniques observed on a single sensor; T1076 and T1077 are revoked identifiers (folded into T1021.001 and T1021.002 in current ATT&CK), so at least one contributing feed is mapping against an old matrix version and the T1021.* entries overlap them.
Network Information

Country: DE (Germany)
Region: Frankfurt am Main, HE
ASN: AS45102
Organization: Alibaba.com Singapore E-Commerce Private Limited

IP Category: Proxy (proxy server)

The address sits in public cloud space (Alibaba, Frankfurt region), where tenancy changes over time; a long-lived block on the bare IP carries collateral risk once the host is re-provisioned.

Feed Intelligence Summary

Source reports: 29
Confidence score: 61%
Category tags (aggregated across the 29 source reports; the set mixes behaviour labels with honeypot sensor names, geographies, hosting providers and ATT&CK IDs, so tags such as "apt", "ransomware" and "nation-state activity" sit alongside "internet background noise" and "opportunistic attack" without any one feed claiming all of them):

abuse, account compromise, ack scan, active scan, active scanning, adbhoney honeypot, adbhoney interactions, american express, apache, apache attacker, apt, asia, attack, attack attempt, attacker ip, attacker ip addresses, attacker-ip, australia, authentication abuse, authentication attempts, auto-generated security, automated attacks, automated threat, automated-attack, bad reputation, bad web bot, block list, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, brute-force attack, brute_force, brute_force_attempt, bruteforce, c2, c2 communication, c2 server, canada, cert, china, china mobile, cisco device, cisco exploitation attempt, cisco exploitation attempts, citrix exploitation attempts, citrix security, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, columns, command & control, command and control, command execution, command injection, communication protocol, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, connect scan, conpot honeypot, conpot interactions, container security, cowrie, cowrie activity, cowrie attacks, cowrie honeypot, cowrie interactions, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logs, credential access, credential attack, credential attacks, credential brute force, credential harvesting, credential stuffing, credential-stuffing, cta, curl,
data encryption, data exfiltration, data store exposure, data theft, database attack, database attacks, database login attempt, database security, dcerpc, ddos, ddos attack, ddos attack indicators, ddos probe, ddospot, de, decoy system, denial of service, device management, digital ocean, digitalocean environment, dionaea, dionaea activity, dionaea attacks, dionaea honeypot, dionaea interactions, dionaea malware samples, dionaea payloads, distributed attacks, dns, dns attack, docker, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, europe, exfiltration, exploit, exploit attempts, exploit kit activity, exploit probing, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of vulnerability, exploited host, external access attempts, external scanning, external threat, external-scanning, external_threat, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin, fin port scan, fin scan, finland, france, fraud voip, ftp, ftp attack, ftp attacks, ftp brute force, ftp brute-force, galah, germany, github, glutton, gopot, hacking, hellpot, hk abusehandler, honeynet connect, honeytrap activity, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http scanner, http scanning, http/s, https, https scanning, huawei,
icmp scan, ics security, identity & access exploitation, inbound scan, indicator, indicators of compromise, industrial control systems, information technology, infrastructure acquisitionreconnaissance, infrastructure reconnaissance, infrastructure scanning, initial access, initial access vector, injection activity, injection attacks, internet background noise, internet facing, internet facing asset, internet scan, internet-facing, internet-facing systems, internet-wide scan, internet_scanners, intrusion detection, ioc, ioc.ip, iocs, iot exploit attempts, iot security, iot targeted, iot/ics attack, ip-addresses, ipphoney honeypot, ipv4, ipv4 port scanning, ipv4_address, japan, kibana, lamp, lamp attack, lamp exploit, lamp exploit attempts, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp server target, lamp server targeting, lamp stack attack, lamp stack targeting, lateral movement, lateral movement techniques, lcia, linux servers, linux systems, linux-server-attack, linux_server_attacks, log4pot, login attempt, login_attempt, london, mailoney activity, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious activity detected, malicious file transfer, malicious ip activity, malicious ip list, malicious network activity, malicious payload detection, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malicious traffic, malicious-login-attempts, malware, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware download, malware propagation, malware_activity, manual, mass scanning, masscan, medpot, mssql, mssql brute force,
nation-state activity, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network services, network traffic analysis, network-reconnaissance, network_activity, network_discovery, network_enumeration, network_reconnaissance, network_scanning, nmap, nmap scan, north america, null port scan, null scan, oceania, open port detection, opencti, opportunistic attack, os detection, os fingerprinting, osint enrichment, p0f, p0f network fingerprinting, p0f os fingerprinting, p0f signatures, password attack, password attacks, pgp sign, phishing, phishing attack, phishing trapping of death, poland, port-scanning, portscan, possible botnet activity, possible malicious activity, possible malware distribution, possible malware probing, possible mirai variant, potential botnet activity, potential credential compromise, potential exploit attempts, potential intrusion, potential malware delivery, potential threat activity, potential vulnerability scan, process injection, protocol exploitation, protocol-abuse, proxy, proxy access, public cloud, python, ransomware, ransomware activity, reconnaissance, reconnaissance activity, redis honeypot, remote access, remote services, researched, resource hijacking,
scams & fraud, scanner, scanner ip, scanner ips, scanners, scanning activity, scanning_activity, scripting attacks, security event, security operations, security probing, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer events, sentrypeer interactions, server exploitation, service detection, service discovery, service enumeration, service scan, service scanning, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp-attack, shell access, sip, sip attacks, sip brute force, sip scanning, sipp, slug, smb brute force, smb scanning, smtp, smtp attacks, smtp brute force, smtp probing, snare, social engineering, socradar, socradar honeypot, software exploitation, spam, sql injection, sql injection attempt, sql injection attempts, ssh, ssh attack, ssh attacks, ssh brute-force, ssh monitoring, ssh-brute-force, stealth, stealth scan, stealth scan techniques, surface web, suricata alert, suricata alerts, syn, syn port scan, syn scan, system access, t-pot,
t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1027, t1040, t1041, t1046, t1053, t1055, t1059, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1187, t1189, t1190, t1195, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1550, t1550.002, t1550.003, t1555, t1555.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.005, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner activity, tanner events, tanner interactions, targeting database, tcp protocol, tcp scan, tcp scanning, tcp-scanning, telecommunication, telecommunications, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat_intelligence, timeout, tokyo, tor node, tpot, udp port scan, udp scan, udp-scanning, unattributed threat actor, unauthorized access, unauthorized access attempt, unauthorized login, unauthorized login attempt, unauthorized network activity, unauthorized probing, unauthorized-access-attempt, united kingdom, united states, unknown threat actor, us none, version detection, vnc protocol, voip, voip attack, vulnerability scan, vultr, web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web brute force, web exploit, web exploitation, web login attempt, web shell, web shell detection, web shell upload, web spam, web traffic, web-application-attack, web_attack, westpac new zealand, wget, wordpot, xmas, xmas port scan, xmas scan

Activity Timeline

1 total observation in the plotted window (Jun 3). Only one dated observation falls inside the displayed year; the 29 source reports are counted separately from dated observations.

Threat Activity Heatmap

[Weekly heatmap, Jun to the following Jun, rows Mon/Wed/Fri; a single marked cell, peak 2026-06-03]

Recent activity by window:

Window  Observations  Status
24h     0             Dormant
7d      0             Dormant
30d     1             Minimal
3mo     1             Minimal
Threat Score: 61 (Medium Risk)
Signal score: 61 / 100
Confidence: 61%
Reports: 29
First seen: Jun 26, 2024
Last seen: Jun 3, 2026
Geolocation: DE, Germany, Frankfurt am Main, HE (50.1188, 8.6843)
ASN: AS45102
Org: Alibaba.com Singapore E-Commerce Private Limited
Category: Proxy

VirusTotal: Not checked

WHOIS

Source description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot

Raw record (RIPE database response). This is not a registration for 8.211.45.218: it is the IANA placeholder object the RIPE database returns for address space it does not manage (netname NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK, spanning 6.0.0.0 - 9.128.255.255), and it carries no registrant, abuse contact or allocation date for the queried address. The remarks list the other RIRs to try; since the announcing AS45102 is an APNIC-region registration, whois.apnic.net is the likely place to start.

inetnum: 6.0.0.0 - 9.128.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks: For registration information,
remarks: you can consult the following sources:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2024-12-09T14:26:02Z
last-modified: 2024-12-09T14:26:02Z
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered
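The check a practitioner wants here is to recognise the placeholder automatically, so an enrichment pipeline does not file "RIPE / EU" as the registrant. The following is an added example, not code from this page or from any RIR; the sample response is the record above reflowed one attribute per line and trimmed to the attributes the check needs, and the placeholder netname set is an assumption based on that record.

```python
"""Added example, not part of the page or any RIR tooling: parse a WHOIS
response into attribute/value records and flag the placeholder object that
the RIPE database returns for address space it does not manage, so the
answer is not mistaken for a registration of the queried IP."""
import re

# Constructed sample: the object shown on this page, one attribute per line,
# trimmed to the attributes the check needs.
RAW_WHOIS = """\
inetnum: 6.0.0.0 - 9.128.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
country: EU # Country is really world wide
status: ALLOCATED UNSPECIFIED
source: RIPE

role: Internet Assigned Numbers Authority
nic-hdl: IANA1-RIPE
source: RIPE # Filtered
"""

# Netnames RIPE uses for space it does not administer (assumed set; the one
# on this page is the only member needed here).
PLACEHOLDER_NETNAMES = {"NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK"}
WHOIS_SERVER_RE = re.compile(r"\bwhois\.[a-z0-9.-]+[a-z]\b")


def parse_whois(raw):
    """Split a line-oriented WHOIS response into records (separated by blank
    lines), each a list of (attribute, value) pairs with '# ...' comments
    removed from the value."""
    records, current = [], []
    for line in raw.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = []
            continue
        key, _, value = line.partition(":")
        current.append((key.strip().lower(), value.split("#", 1)[0].strip()))
    if current:
        records.append(current)
    return records


def assess_whois(raw):
    """Return {'placeholder', 'netname', 'inetnum', 'referrals'} for the first
    object in the response. 'referrals' lists WHOIS servers named in remarks,
    which is where the real registration must be looked up."""
    records = parse_whois(raw)
    if not records:
        return {"placeholder": False, "netname": None, "inetnum": None, "referrals": []}
    first = records[0]
    attrs = dict(first)  # last value wins for repeated keys; fine for these
    remarks = " ".join(v for k, v in first if k == "remarks")
    netname = attrs.get("netname")
    descr = attrs.get("descr", "").lower()
    placeholder = netname in PLACEHOLDER_NETNAMES or "not managed by the ripe ncc" in descr
    return {
        "placeholder": placeholder,
        "netname": netname,
        "inetnum": attrs.get("inetnum"),
        "referrals": sorted(set(WHOIS_SERVER_RE.findall(remarks))),
    }


if __name__ == "__main__":
    verdict = assess_whois(RAW_WHOIS)
    if verdict["placeholder"]:
        print(f"RIPE returned a placeholder for {verdict['inetnum']}; "
              f"try {', '.join(verdict['referrals'])}")
```

The referral servers are pulled from the remarks rather than hard-coded, so the same check works on other RIRs' "not managed here" objects as long as they name the alternatives; the `status: ALLOCATED UNSPECIFIED` line is deliberately not used as a signal, because genuine RIPE allocations can carry that status too.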
References (source feeds):
https://github.com/telekom-security/tpotce
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt
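Because the confidence score is heuristic, the practical next step is to check how many of the listed feeds actually carry the address before blocking on it. The following is an added example and not the site's code: it loads locally cached list files and counts independent hits. The feed contents are constructed samples, not downloads, and the loader accepts the two row shapes those feeds use (DShield's block list is tab-separated with start/end columns, CINS is one address per line) plus plain CIDRs; the feed names are labels chosen for the example.

```python
"""Added example, not the page's own code: corroborate an indicator against
locally cached copies of several block lists before acting on a heuristic
confidence score. The feed contents below are constructed samples, not
downloads; the loader accepts a leading IP, a CIDR, or a start/end pair on
each row so that differently laid-out lists can be checked with one parser."""
import ipaddress

SAMPLE_FEEDS = {  # constructed, not real feed data
    "cins-style": "# one address per line\n8.211.45.218\n203.0.113.7\n",
    "dshield-style": "# start\tend\tnetmask\tattacks\n"
                     "8.211.0.0\t8.211.255.255\t16\t1200\n"
                     "198.51.100.0\t198.51.100.255\t24\t40\n",
    "cidr-style": "192.0.2.0/24\n",
}


def load_networks(text):
    """Parse one list file into networks. Comment and blank lines are
    skipped; a row that parses as 'start end' becomes the covering CIDRs,
    otherwise the first token is read as an address or CIDR; rows that fit
    neither shape are ignored rather than aborting the whole load."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if len(tokens) >= 2:
            try:
                start = ipaddress.ip_address(tokens[0])
                end = ipaddress.ip_address(tokens[1])
                nets.extend(ipaddress.summarize_address_range(start, end))
                continue
            except ValueError:
                pass  # second token was not an address; fall through
        try:
            nets.append(ipaddress.ip_network(tokens[0], strict=False))
        except ValueError:
            continue
    return nets


def match_ioc(ip, feeds):
    """Map feed name -> covering network (as a string) for every feed that lists ip."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for name, text in feeds.items():
        for net in load_networks(text):
            if addr.version == net.version and addr in net:
                hits[name] = str(net)
                break
    return hits


def corroborated(ip, feeds, min_sources=2):
    """True when at least min_sources lists cover ip. A range-based hit
    (the /16 in the sample) says the neighbourhood is listed, not
    necessarily the host, so weight it accordingly when choosing min_sources."""
    return len(match_ioc(ip, feeds)) >= min_sources


if __name__ == "__main__":
    print(match_ioc("8.211.45.218", SAMPLE_FEEDS))
    print("corroborated:", corroborated("8.211.45.218", SAMPLE_FEEDS))
```

Returning the covering network with each hit matters: a /32 entry is a direct listing of the host, whereas a hit inside a /16 range tells you the provider's block is noisy, which for a cloud address like this one is a much weaker statement about the specific tenant.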

Export & API: STIX 2.1 bundle, CSV export.
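For readers who ingest the STIX 2.1 export into a TIP, this added example (written against the standard library, not the site's exporter) shows the minimum an Indicator for this address must carry and a pre-ingest sanity check. The IP, first/last seen dates and confidence are the page's values; the indicator name, description text and labels are assumptions.

```python
"""Added example, not the site's exporter: the minimal STIX 2.1 bundle that
carries this page's indicator, built with the standard library only. Values
come from the page; the indicator name, description and labels are assumed."""
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# Page values (constants, not fetched).
IOC_IP = "8.211.45.218"
FIRST_SEEN = datetime(2024, 6, 26, tzinfo=timezone.utc)
LAST_SEEN = datetime(2026, 6, 3, tzinfo=timezone.utc)
CONFIDENCE = 61  # STIX confidence is an integer 0..100, the same scale as the page

STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def stix_ts(dt):
    """STIX timestamps are UTC RFC 3339 with a 'Z' suffix."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def ipv4_pattern(ip):
    """Comparison expression for an IPv4 observable. Parsing through
    ipaddress first means a string such as "1.2.3.4'] OR [x" cannot smuggle
    extra clauses into the pattern."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("expected an IPv4 address")
    return f"[ipv4-addr:value = '{addr}']"


def build_bundle(ip=IOC_IP, first_seen=FIRST_SEEN, last_seen=LAST_SEEN,
                 confidence=CONFIDENCE, labels=("brute-force", "network-scanning", "proxy")):
    now = stix_ts(datetime.now(timezone.utc))
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"Scanning and brute-force source {ip}",                 # assumed wording
        "description": f"Last observed {stix_ts(last_seen)} (feed data).",  # assumed wording
        "indicator_types": ["malicious-activity"],
        "pattern": ipv4_pattern(ip),
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": stix_ts(first_seen),   # no valid_until: the source may recur
        "confidence": int(confidence),
        "labels": list(labels),
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


def validate_bundle(bundle):
    """Return a list of problems (empty when the bundle passes the checks a
    receiving platform commonly applies before ingest)."""
    problems = []
    if bundle.get("type") != "bundle" or not STIX_ID_RE.match(bundle.get("id", "")):
        problems.append("bundle type/id")
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "")
        for field in ("type", "spec_version", "id", "created", "modified"):
            if field not in obj:
                problems.append(f"{oid}: missing {field}")
        if not STIX_ID_RE.match(oid) or not oid.startswith(obj.get("type", "") + "--"):
            problems.append(f"{oid}: malformed id")
        if obj.get("type") == "indicator":
            for field in ("pattern", "pattern_type", "valid_from"):
                if field not in obj:
                    problems.append(f"{oid}: missing {field}")
            p = obj.get("pattern", "")
            if not (p.startswith("[") and p.endswith("]")):
                problems.append(f"{oid}: pattern not bracketed")
        conf = obj.get("confidence")
        if conf is not None and not (isinstance(conf, int) and 0 <= conf <= 100):
            problems.append(f"{oid}: confidence out of range")
    return problems


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle))
```

`valid_from` is set to the first-seen date rather than export time, so downstream sighting logic can age the indicator correctly; `valid_until` is left unset because an opportunistic scanning source can go quiet for months (this one shows a 30-day gap of one observation) and come back.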

IOC Journey

Status: medium
First detected Jun 26, 2024 (717 days ago) · Last seen Jun 3, 2026 (10 days ago)
Appeared in 29 threat reports