IP · Medium · Signal 80/100
82.165.66.87
Location
Frankfurt am Main, NW
ASN
AS8560
De Fra Ionos Cloud Fra
First Seen
Jan 20, 2026
Last Seen
Jun 6, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region: Frankfurt am Main, NW
ASN: AS8560
Organization: De Fra Ionos Cloud Fra
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
18 reports · 80% confidence
18
Source reports
80%
Confidence score
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap (peak: 2026-06-06)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 18
First seen: Jan 20, 2026
Last seen: Jun 6, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, NW
ASN: AS8560
Org: De Fra Ionos Cloud Fra
Coords: 51.0880, 6.8845
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description
- Score: 85/100 | Detector: threat_feed | Label: reported_abuse | Tags: compromised_host, reported_abuse
- raw
- inetnum: 82.165.66.0 - 82.165.66.255
  netname: de-fra-ionos-cloud-fra
  descr: IONOS SE
  country: DE
  admin-c: IPAD-RIPE
  tech-c: IPOP-RIPE
  status: ASSIGNED PA
  mnt-by: AS8560-MNT
  created: 2024-10-11T14:32:40Z
  last-modified: 2025-06-03T16:17:35Z
  source: RIPE

  role: IP Administration
  address: IONOS SE
  admin-c: SH15342-RIPE
  tech-c: SH15342-RIPE
  mnt-ref: AS8560-MNT
  nic-hdl: IPAD-RIPE
  abuse-mailbox: [email protected]
  mnt-by: AS8560-MNT
  created: 2009-05-20T17:24:09Z
  last-modified: 2025-09-26T12:26:46Z
  source: RIPE # Filtered

  role: IP Operations
  address: IONOS SE
  admin-c: SH15342-RIPE
  tech-c: SH15342-RIPE
  mnt-ref: AS8560-MNT
  nic-hdl: IPOP-RIPE
  abuse-mailbox: [email protected]
  mnt-by: AS8560-MNT
  created: 2009-05-28T16:25:04Z
  last-modified: 2025-09-26T12:26:44Z
  source: RIPE # Filtered

  route: 82.165.0.0/16
  descr: IONOS-PA-4
  origin: AS8560
  mnt-by: AS8560-MNT
  created: 2003-08-08T10:58:01Z
  last-modified: 2020-11-27T17:48:28Z
  source: RIPE # Filtered
- references
- https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-16/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-15/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-13/, https://voidvendor.com/intel, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-08/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-07/
IOC Journey
medium · First detected 4 months ago · Last seen 8 days ago
Appeared in 18 threat reports