IOC Radar
IP · Medium · Signal 100/100

141.76.94.18

Location: Germany, Dresden, SN
ASN: AS680, TUD Netd Measurement
First Seen: May 8, 2025 (399d ago)
Last Seen: Mar 3, 2026 (101d ago)
Reports: 23 source reports
Confidence: 99% (medium)
VirusTotal: 1/91 detections
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: DE (Germany)
Region: Dresden, SN
ASN: AS680
Organization: TUD Netd Measurement

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 23
Confidence score: 99%
Category tags
abuse, access control, account compromise, active scanning, adbhoney activity, adbhoney exploits, adbhoney honeypot, apache, application exploitation, attack, bad web bot, banking, blacklist candidate, blacklist ip, botnet, brute force, brute force attack, brute force attempts, brute_force, c2 communication, c2 server, cert, cisco device, cisco device targeting, cisco exploit attempts, cisco exploitation attempt, cisco_exploit, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, communication protocol, communication technologies, compromised host, compromised hosts, conpot activity, conpot honeypot, cowrie activity, cowrie honeypot, cowrie interactions, cowrie ssh attacks, cowrie_attack, credential access, credential harvesting, credential stuffing, credential stuffing attempts, credential_access, credit card services, cve exploitation, data exfiltration, data theft, database attack, database exploitation attempts, database security, ddos, ddos attack, ddos attacks, ddos attempt, decoy system, denial of service, device management, dionaea activity, dionaea honeypot, dionaea interactions, dionaea malware collection, directory traversal, distributed attacks, enterprise networking, europe, exploit, exploit attempt, exploit kit activity, exploit probing, exploited host, exploits, finance, financial services, financial technology, ftp, ftp brute force, germany, hacking, heralding activity, honeytrap honeypot, http brute force, http scanner, http scanning, https scanning, ics security, indicator, industrial control systems, information gathering, initial access, initial_access, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot device targeting, iot/ics attack, ipphoney activity, ipphoney honeypot, lamp, lamp exploit attempt, lamp exploit attempts, lamp stack targeting, lamp_exploit, linux malware, mail protocol abuse, mailoney honeypot, malicious activity, malicious network activity, malicious scan, malicious software, malware, malware behaviour, malware capture, malware distribution, malware download attempts, mirai botnet, mobile carriers, mobile networks, mysql brute force, network, network attacks, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network monitoring, network probe, network probing, network reconnaissance, network scanning, network security, network traffic analysis, north america, password attacks, payment processing, phishing, phishing attack, phishing trap, php injection attempts, ping of death, poland, possible botnet activity, possible malware distribution, possible malware propagation, potential compromise, process injection, protocol abuse, protocol exploitation, proxy, proxy protocol, rce, reconnaissance, reconnaissance activity, remote service exploitation, remote services, researched, resource development, resource hijacking, scan, scanner, scanners, scanning activity, scripting attacks, security policy, sentrypeer activity, sentrypeer botnet, service probing, sftp access attempts, sftp activity, sftp attack, sftp_attack, shell upload, sip brute force, sip scanning, sip_attack, social engineering, socradar, socradar honeypot, spam, sql injection attempts, ssh attack, ssh monitoring, ssh_bruteforce, t-pot, t1016, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1078, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1583, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, telecom services, telecommunications, telnet scanning, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tpot, unauthorized access, unauthorized access attempt, united states, us /32, voip, voip attack, warsaw, wealth management, web application attack, web application attacks, web attack, web exploitation, web scanner, web shell, web spam, web traffic, windows malware, xss

Activity Timeline

1 total obs · Mar 3

Threat Activity Heatmap

Peak: 2026-03-03
[Heatmap: activity by day of week (Mon, Wed, Fri shown), months Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 23
First seen: May 8, 2025
Last seen: Mar 3, 2026
Geolocation: DE
Country: Germany
Location: Dresden, SN
ASN: AS680
Org: TUD Netd Measurement
Coords: 51.0464, 13.6986
Proxy

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 8, 2026

WHOIS

description
Scans hitting the server at TCP port 8080 HTTP and PROXY. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum:        141.76.94.0 - 141.76.95.255
netname:        TUD-NETD-MEASUREMENT
descr:          Internet measurement research conducted by the Chair of Distributed
descr:          and Networked Systems at TU Dresden.
country:        DE
admin-c:        TUD-RIPE
tech-c:         NO2603-RIPE
abuse-c:        AR77015-RIPE
status:         LEGACY
mnt-lower:      MWAEHLISCH-MNT
remarks:
mnt-by:         TU-DRESDEN-MNT
created:        2025-05-30T10:19:42Z
last-modified:  2025-05-30T16:57:58Z
source:         RIPE

role:           NETD Ops
address:        GERMANY
address:        Dresden
address:        01069
address:        Helmholtzstr. 10
phone:          +4935146338261
nic-hdl:        NO2603-RIPE
mnt-by:         MWAEHLISCH-MNT
created:        2024-10-11T07:10:25Z
last-modified:  2024-10-11T07:10:26Z
source:         RIPE # Filtered

role:           TU Dresden / ZIH
org:            ORG-TUD6-RIPE
address:        Technische Universität Dresden
address:        Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
address:        Zellescher Weg 12-14
address:        D-01060 Dresden
address:        Germany
phone:          +4935146335450
admin-c:        SCS571-RIPE
tech-c:         SCS571-RIPE
tech-c:         CF2368-RIPE
tech-c:         MB2187
nic-hdl:        TUD-RIPE
mnt-by:         TU-DRESDEN-MNT
created:        2023-04-17T12:20:33Z
last-modified:  2023-04-17T18:36:20Z
source:         RIPE # Filtered

route:          141.76.0.0/16
descr:          TUDINF-LAN
origin:         AS680
mnt-by:         DFN-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:33:18Z
source:         RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/vultrparis-snmp-bruteforce-ip-list-2025-07-24/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrwarsaw-snmp-bruteforce-ip-list-2025-07-24/

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 23 threat reports