IOC Radar
IP · Medium · Signal 100/100

94.159.102.167

Location: Frankfurt am Main, Hesse, Germany
ASN: AS215730 (H2nexus LTD)
First Seen: Nov 18, 2024 (574d ago)
Last Seen: Mar 15, 2026 (93d ago)
Reports: 29 source reports
Confidence: 99% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 46 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS215730
Organization: H2nexus LTD

IP Category

Proxy: Proxy server

Feed Intelligence Summary

Source reports: 29
Confidence score: 99%
Category tags: abuse, access control, active scanning, application layer protocol, attack, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempts, auto-generated security, automated attack, automated attacks, botnet, brute force, brute force attack, brute force attempt, brute force attempts, brute-forc, brute_force, cisco device, command and control, compromised credentials, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, credential_access, cta, data exfiltration, ddos attack, ddos preparation, de, decoy system, denial of service, device management, distributed attacks, enterprise networking, europe, europe/asia, exploitation, failed login, failed login attempts, ftp brute force, game_server, gb-based activity, geoip, germany, honeytrap honeypot, information technology, infrastructure acquisitionreconnaissance, initial access, it infrastructure, lamp, lamp server attack, lateral movement techniques, login attack, login attacks, login failure, malicious activity, malicious payload, malicious software, malware, manual, network, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network layer protocol, network probing, network reconnaissance, network scanning, network service scanning, notice, oceania, password attacks, phishing attack, potential exploit attempts, potential intrusion, process injection, proxy, reconnaissance, remote access, remote service exploitation, researched, russia, russian federation, scanner, scanning activity, scripting attacks, security operations, security policy, sftp attack, social engineering, software development, ssh attack, ssh monitoring, staging_server, t1021, t1021.001, t1021.002, t1021.004, t1041, t1046, t1055, t1059, t1059.004, t1059.007, t1068, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1565, t1566.001, t1566.002, t1566.003, t1587.001, t1588, t1589, t1589.002, t1590.001, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tpotce, unauthorized access, unauthorized access attempts, united kingdom, valid accounts, vps, web application attack, web attack, web brute force, web exploitation

Activity Timeline

1 total obs (Mar 15 to Mar 15)

Threat Activity Heatmap

Peak: 2026-03-15
[Heatmap: activity by weekday, Jun through Jun; scale from less to more]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 100 (High Risk)
Coords: 50.1169, 8.6837

VirusTotal

Not checked

WHOIS

description: Banned by Fail2Ban [sshd]
references: https://github.com/telekom-security/tpotce, https://redpiranha.net

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 29 threat reports