IOC Radar
IP · Medium · Signal 51/100

103.252.90.129

Location: Frankfurt am Main, Hesse, Germany
ASN: AS44486 (RW Hosting)
First Seen: Aug 5, 2025
Last Seen: Jun 12, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 51%
Signal Score: 51 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

46 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS44486
Organization: RW Hosting

Feed Intelligence Summary

15 source reports · 51% confidence score
Category tags
abuse; active scan; active scanning; adb; adbhoney honeypot; android; anomalous network connections; apt; asia; attack; bad reputation; bad web bot; blacklisted ip; block list; block.txt; blog spam; botnet; botnet activity; brute force; brute force attack; brute force attempts; brute-force; c2; china mobile; cisco device; columns; command and control; communication protocol; company limited; compromised host; cowrie; cowrie attack; cowrie honeypot; credential access; credential harvesting; credential stuffing; daily_sources; data exfiltration; data exfiltration attempt; database enumeration; ddos; ddos attack; ddos attacks; de; decoy system; denial of service; denial-of-service attempt; device management; digital ocean; dionaea; dionaea attack; dionaea honeypot; distributed attacks; dropper; elf; enterprise networking; europe; exploitation activity; exploitation attempts; exploited host; fatt; finland; france; ftp brute force; ftp scan; germany; hacking; hk abusehandler; honeytrap honeypot; hong kong; http request anomalies; hurricane us; inbound scan; indicator; injection activity; internet of things; iot botnet; iot security; iot targeted; iot/ics attack; lamp; lamp attack; mailoney attack; mailoney honeypot; malicious activity; malicious email activity; malicious ip; malicious software; malicious traffic; malware; malware behaviour; malware capture; mirai; mirai botnet; mobile threat; network; network infrastructure; network intrusion attempts; network scan; network scanning; network security; network service scanning; north america; open-dir; opendir; p0f; password attacks; pgp sign; phishing; phishing attack; phishing trap; ping of death; poland; portscan; possible botnet activity; possible malware distribution; possible malware probing; potential malware hosting; process injection; protocol exploitation; reconnaissance; reconnaissance activity; researched; resource hijacking; saint helena, ascension and tristan da cunha; scan; scanner; scanners; scripting attacks; security operations; sensor-tagged; sentrypeer attack; sentrypeer botnet; service scan; sftp access attempt; sftp attack; sip brute force; sip scan; sip scanning; smtp brute force; smtp scan; smtp scanning; social engineering; socradar honeypot; spam; sql injection; ssh; ssh attack; ssh monitoring; t1005; t1016; t1018; t1021; t1040; t1041; t1046; t1047; t1048; t1053; t1055; t1056; t1059; t1059.007; t1065; t1068; t1071; t1071.001; t1078; t1083; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1189; t1190; t1203; t1204.002; t1486; t1496; t1497; t1499.001; t1499.002; t1499.003; t1565; t1566.001; t1566.002; t1566.003; t1566.004; t1592; t1595; t1595.001; t1595.002; t1595.003; tanner; tanner attack; targeting database; tcp; telecommunications; telnet; telnet threat; threat actor; threat actor activity; threat detection; threat intelligence; timeout; top10.txt; topips.txt; tpot; ua-wget; united states; us none; voip; voip attack; vultr; web app attack; web application attack; web application scanning; web attack; web exploitation

Activity Timeline

1 total obs, Jun 12

Threat Activity Heatmap

[Heatmap: threat activity by day, Jun through Jun; rows Mon, Wed, Fri; scale Less to More]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 51 (Medium Risk)
Coords: 50.1109, 8.6821

VirusTotal

Not checked

WHOIS

description: Observed making inbound scans on 2026-06-10 12:00:20
raw:
inetnum: 103.252.90.0 - 103.252.90.255
netname: RW-Hosting
country: DE
descr: RW-Hosting - 122 rue Amelot, 75011, Paris, France
admin-c: iRC4-RIPE
tech-c: iRC4-RIPE
status: ASSIGNED PA
mnt-by: MNT-INTERCOLO
created: 2021-03-19T08:33:55Z
last-modified: 2023-05-12T11:23:46Z
source: RIPE

role: intercolo Ripe Coordination
address: INTERCOLO GMBH
address: Carl-Goerdeler-Straße 114
address: 60320 FRAKFURT
address: GERMANY
phone: +49.69564060
remarks:
remarks: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
remarks: * In case of abuse like SPAM, Hack Attacks, Scans, etc. *
remarks: * please mail to: --> abuse [@] intercolo.net <-- *
remarks: * Inquiries can only be processed, *
remarks: * if sent to the correct address *
remarks: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
remarks:
abuse-mailbox: [email protected]
admin-c: ICMG-RIPE
tech-c: ICMG-RIPE
nic-hdl: iRC4-RIPE
mnt-by: MNT-INTERCOLO
created: 2011-06-16T12:35:42Z
last-modified: 2024-03-18T14:09:13Z
source: RIPE # Filtered

route: 103.252.88.0/22
origin: AS44486
mnt-by: MNT-INTERCOLO
created: 2021-03-17T11:07:17Z
last-modified: 2021-03-17T11:07:17Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 10 months ago · Last seen today
Appeared in 15 threat reports