IP · Medium · Signal 46/100
176.94.185.62
Location
Munich, NW
ASN
AS3209
Marzillier & Dr. Meier Rechtsanwaltgesellschaft mbH
First Seen
Nov 18, 2024
Last Seen
May 8, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
46%
Signal Score
46 / 100
IDS Rule
No
Network Information
Country
Germany
Region: Munich, NW
ASN: AS3209
Organization: Marzillier & Dr. Meier Rechtsanwaltgesellschaft mbH
Feed Intelligence Summary
Source reports: 20
Confidence score: 46%
Category tags
Activity Timeline: May 8
Threat Activity Heatmap · Peak: 2026-05-08
Activity by window:
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 0 (Dormant)
- 3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 46
Confidence: 46%
Reports: 20
First seen: Nov 18, 2024
Last seen: May 8, 2026
Geolocation: DE
Country: Germany
Location: Munich, NW
ASN: AS3209
Org: Marzillier & Dr. Meier Rechtsanwaltgesellschaft mbH
Coords: 51.5350, 6.4389
VirusTotal
Not checked
WHOIS
- description
- Host bruteforcing SSH
- raw
- inetnum: 176.94.185.56 - 176.94.185.63
  netname: MARZMEI-NET
  descr: Marzillier & Dr. Meier Rechtsanwaltgesellschaft mbH
  descr: Prinzregentenplatz 23
  descr: D-81675 Muenchen
  descr: GERMANY
  country: DE
  admin-c: ANOC1-RIPE
  tech-c: ANOC1-RIPE
  status: ASSIGNED PA
  mnt-by: ARCOR-MNT
  created: 2024-09-12T10:21:06Z
  last-modified: 2024-09-12T10:21:06Z
  source: RIPE # Filtered
  role: Vodafone Germany IP Core Backbone
  address: Vodafone GmbH
  address: Campus Eschborn
  address: Duesseldorfer Strasse 15
  address: D-65760 Eschborn
  address: Germany
  phone: +49 6196 52352105
  remarks: trouble: Security issues [email protected]
  remarks: trouble: Information http://www.vodafone.de
  remarks: trouble: Peering contact [email protected]
  remarks: trouble: Operational issues :
  remarks: [email protected]
  remarks: trouble: Address assignment [email protected]
  admin-c: SM9000-RIPE
  admin-c: NH4266-RIPE
  admin-c: JS19072-RIPE
  admin-c: IE1226-RIPE
  admin-c: TK11590-RIPE
  admin-c: FB3293-RIPE
  admin-c: TG2269-RIPE
  tech-c: NH15-RIPE
  nic-hdl: ANOC1-RIPE
  mnt-by: ARCOR-MNT
  created: 2002-07-11T08:48:33Z
  last-modified: 2025-01-20T12:18:04Z
  source: RIPE # Filtered
  abuse-mailbox: [email protected]
  route: 176.94.128.0/17
  descr: ARCOR-IP
  origin: AS3209
  mnt-by: ARCOR-MNT
  created: 2012-07-26T08:21:13Z
  last-modified: 2012-07-26T08:21:13Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-30/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 20 threat reports