Summary (Bottom Line Up Front)
Automated reconnaissance activity was observed from 87.106.164.191 (IONOS SE/Germany), conducting HTTP-based scanning operations over a 7-day period with 86 total events. It is assessed as a LOW threat level, with a medium-confidence scanner classification exhibiting bot-like user agent patterns. The actor demonstrated limited scope, targeting a single destination port, with no observed exploit delivery or credential brute-forcing attempts.
Activity Timeline
INITIAL REPORT 2026-03-14T16:29:30Z
Source: Analyst Manual Entry
Technical details
Traffic analysis showed HTTP, TCP, and TCP SYN traffic across the scanning operations, which targeted one unique destination port. The observed reconnaissance behavior maps to MITRE ATT&CK technique T1592 (Gather Victim Host Information). The actor used the Go HTTP client library for automated requests, which matched the scanner/scan_user_agent_bot pattern signature with 6 confirmed hits at medium confidence. No CVE exploitation attempts were detected in the traffic flows. The source infrastructure presented a single open service on port 22 (SSH). IOC: 87.106.164.191, with a 100/100 AbuseIPDB reputation score indicating prior malicious reporting.
IOCs
IP: 87.106.164.191
ASN: 8560
COUNTRY: DE
CVES: null