87.106.111.135

Summary (Bottom Line Up Front)

A malicious actor at 87.106.111.135 (IONOS SE/Germany) conducted sustained scanning operations against network infrastructure from February 28 to March 5, 2026, with a maximum AbuseIPDB threat score of 100/100. This represents a HIGH threat level, indicating active reconnaissance that likely precedes exploitation attempts. Immediate blocking and enhanced monitoring of scanning activity are recommended.

Activity Timeline
INITIAL REPORT 2026-03-10T15:10:47Z
Source: Analyst Manual Entry
Technical details
  • Source: 87.106.111.135 (AS8560 IONOS SE, Stuttgart, Germany)
  • Campaign Duration: February 28, 2026 01:00 - March 5, 2026 05:00 (6-day span)
  • Attack Volume: 28 events targeting single destination port
  • Protocols: HTTP, TCP, TCP/SYN scanning
  • Primary TTPs: Automated scanning using bot user agents (SCANNER/scan_user_agent_bot pattern)
  • Infrastructure: Linux-based system with SSH (port 22) exposed, no reverse DNS resolution
  • Threat Indicators: 100% malicious reputation score, sustained reconnaissance behavior
  • MITRE ATT&CK: T1595 (Active Scanning) - Network service discovery activities
IOCs
IP:87.106.111.135
ASN:8560
COUNTRY:DE
Recommendations
  • Block source IP 87.106.111.135 at perimeter firewalls and web application firewalls immediately
  • Implement rate limiting and behavioral analysis for HTTP requests with automated/bot user agent strings
  • Monitor for follow-on exploitation attempts against services that were scanned during the February 28 - March 5 timeframe
  • Review logs for any successful connections or unusual activity from IONOS SE (AS8560) address space
  • Consider blocking or applying additional scrutiny to traffic from AS8560 if operationally feasible