IP · Medium · Signal 79/100
103.252.89.75
Location
Frankfurt am Main, Hesse
ASN
AS44486
Finxhost Com
First Seen
Sep 21, 2025
Last Seen
Jun 5, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region
Frankfurt am Main, Hesse
ASN
AS44486
Organization
Finxhost Com
IP Category
Proxy
Proxy server
Feed Intelligence Summary
22 reports · 79% confidence
22
Source reports
79%
Confidence score
Category tags
Activity Timeline
Jun 5
Threat Activity Heatmap
Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 22
First seen: Sep 21, 2025
Last seen: Jun 5, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS44486
Org: Finxhost Com
Coords: 50.1109, 8.6821
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=fatt, p0f, tanner; threshold?1; private IPs excluded. geo=DE; ports=80,443; proto=http Location=Sydney, Australia.
- raw
- inetnum: 103.252.89.0 - 103.252.89.255
  netname: finxhost-com
  country: DE
  descr: From-Host Best Protected Server, 99.99% Uptime Guaranteed
  admin-c: iRC4-RIPE
  tech-c: iRC4-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-INTERCOLO
  created: 2021-03-19T08:33:56Z
  last-modified: 2022-10-03T22:10:50Z
  source: RIPE
  role: intercolo Ripe Coordination
  address: INTERCOLO GMBH
  address: Carl-Goerdeler-Straße 114
  address: 60320 FRAKFURT
  address: GERMANY
  phone: +49.69564060
  remarks:
  remarks: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  remarks: * In case of abuse like SPAM, Hack Attacks, Scans, etc. *
  remarks: * please mail to: --> abuse [@] intercolo.net <-- *
  remarks: * Inquiries can only be processed, *
  remarks: * if sent to the correct address *
  remarks: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  remarks:
  abuse-mailbox: [email protected]
  admin-c: ICMG-RIPE
  tech-c: ICMG-RIPE
  nic-hdl: iRC4-RIPE
  mnt-by: MNT-INTERCOLO
  created: 2011-06-16T12:35:42Z
  last-modified: 2024-03-18T14:09:13Z
  source: RIPE # Filtered
  route: 103.252.88.0/22
  origin: AS44486
  mnt-by: MNT-INTERCOLO
  created: 2021-03-17T11:07:17Z
  last-modified: 2021-03-17T11:07:17Z
  source: RIPE
IOC Journey
Medium · First detected 8 months ago · Last seen 9 days ago
Appeared in 22 threat reports