94.26.106.30

Summary (Bottom Line Up Front)

Malicious activity detected from 94.26.106.30 (DE, AS48452). 273 events observed across ADB, TCP, TCP/SYN, http. AI verdict: NOISE.

ADB TCP TCP/SYN http
ADB_ATTACK POLICY SCANNER
Activity Timeline
INITIAL REPORT2026-05-29T07:07:50Z
Source: Analyst Manual Entry
Malicious activity detected from 94.26.106.30 (DE, AS48452). 273 events observed across ADB, TCP, TCP/SYN, http. AI verdict: NOISE.
Technical details
Protocols: ADB, TCP, TCP/SYN, http
Attack types: ADB_ATTACK, POLICY, SCANNER
Unique destination ports: 2
Active window: 2026-05-12 15:53:21.510408 to 2026-05-29 01:50:58.798347
Top patterns: adb_connect, adb_shell, suricata_sid_2000418, adb_command, suricata_sid_2060252
IOCs
IP:94.26.106.30
ASN:48452
COUNTRY:DE
Recommendations
  • Block 94.26.106.30 at perimeter firewall
  • Monitor other traffic from AS48452
  • Review correlated attacker profiles for campaign links
Threat Assessment
Threat Level LOW
AI Verdict NOISE
Confidence 30%
Total Events 273
AbuseIPDB 100/100
Indicators of Compromise
ip 94.26.106.30
asn 48452
country DE
Captured Payloads (2)
CRITICAL POLICY TCP:5555 
ET INFO Executable and linking format (ELF) file download
medium SCANNER http:8080 
Go-http-client