Summary (Bottom Line Up Front)
IP address 87.106.146.151 (Germany) conducted low-volume reconnaissance scanning targeting HTTP login endpoints between February 26-March 5, 2026. Assessment indicates LOW threat level with potential for escalation to credential attacks. Organizations should monitor for follow-up authentication attempts from this source.
Activity Timeline
INITIAL REPORT2026-03-23T09:08:58Z
Source: Analyst Manual Entry
IP address 87.106.146.151 (Germany) conducted low-volume reconnaissance scanning targeting HTTP login endpoints between February 26-March 5, 2026. Assessment indicates LOW threat level with potential for escalation to credential attacks. Organizations should monitor for follow-up authentication attempts from this source.
Technical details
- Source: 87.106.146.151 (Germany, ASN unknown, AbuseIPDB score 100/100)
- Activity Period: February 26, 2026 15:00 - March 5, 2026 03:00 (UTC)
- Volume: 44 events targeting single destination port via HTTP/TCP protocols
- Behavior: Standard HTTP GET requests to login endpoints using bot user agents
- MITRE Technique: T1595.002 (Active Scanning: Vulnerability Scanning)
- Kill Chain Phase: Reconnaissance
- IOCs: 87.106.146.151
IOCs
IP:87.106.146.151
COUNTRY:DE
Recommendations
- Block or rate-limit traffic from 87.106.146.151 at perimeter firewalls and web application firewalls
- Monitor authentication logs for brute-force attempts targeting previously scanned login endpoints
- Review and strengthen authentication mechanisms on web applications, particularly login pages
- Implement enhanced logging for HTTP requests to sensitive endpoints (login, admin panels)
- Consider deploying additional monitoring for reconnaissance patterns preceding authentication attacks