IOC Radar
IP · Medium · Signal 79/100

178.18.251.208

Location: Germany · Lauterbourg, Grand Est
ASN: AS51167 · Contabo GmbH
First Seen: Feb 25, 2026 (109d ago)
Last Seen: May 31, 2026 (15d ago)
Reports: 18 source reports
Confidence: 79% (medium)
VirusTotal: 9/91 detections
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: DE · Germany
Region: Lauterbourg, Grand Est
ASN: AS51167
Organization: Contabo GmbH

Feed Intelligence Summary

18 source reports · 79% confidence score
Category tags
abuse, access control, account compromise, active scan, active scanning, attack, australia, authentication attempts, bad reputation, bad web bot, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute-force, bruteforce, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, command execution, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, de, decoy system, denial of service, dhcp, digital ocean, distributed attacks, elasticsearch, encryption, europe, exploitation activity, exploited host, export-to-otx, fr, france, ftp, ftp brute force, ftp brute-force, ftp bruteforce, germany, hacking, honeypot 24h activity, http brute force, identity & access exploitation, imap, indicator, information gathering, injection activity, injection attacks, iot security, iot targeted, ipv4, ipv4 threats, lateral movement, ldap, login_attempt, malicious activity, malware, melbourne region, misp, mssql, network, network intrusion attempt, network monitoring, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service discovery, network_activity, ntp, oceania, opencti, oracle, password attacks, phishing, phishing attack, portscan, postgres, protocol exploitation, ransomware, rdp scanning, reconnaissance, redis, remote access, remote services, researched, resource hijacking, scan, scanner, scanners, security policy, server exploitation, service enumeration, service scan, smb, snmp, social engineering, socks5, socradar honeypot, spam, sql injection, ssh, ssh attack, ssh bruteforce, ssh monitoring, t1021, t1021.001, t1021.002, t1021.004, t1040, t1046, t1059, t1059.003, t1059.005, t1071.001, t1076, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1566.001, t1566.002, t1566.003, t1592, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp scan, telnet, telnet threat, threat actor, threat intelligence, threat prevention, tor node, udp port scan, udp scan, unattributed activity, united kingdom, vnc, vnc protocol, vultr, vultr infrastructure targeted, web app attack, web application attack, web exploitation, web spam

Activity Timeline

1 total obs
May 31 - May 31

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 18
First seen: Feb 25, 2026
Last seen: May 31, 2026
Geolocation: DE
Country: Germany
Location: Lauterbourg, Grand Est
ASN: AS51167
Org: Contabo GmbH
Coords: 51.2993, 9.4910

VirusTotal

9/91 vendors flagged
10% detection rate · Jun 6, 2026

WHOIS

raw
inetnum: 178.18.248.0 - 178.18.255.255
netname: CONTABO
country: DE
admin-c: MH7476-RIPE
tech-c: MH7476-RIPE
status: ASSIGNED PA
mnt-by: MNT-CONTABO
created: 2021-04-12T19:10:04Z
last-modified: 2021-04-12T19:10:04Z
source: RIPE

person: Johannes Selg
address: Contabo GmbH
address: Welfenstr. 22
address: 81541 München
phone: +49 89 21268372
fax-no: +49 89 21665862
nic-hdl: MH7476-RIPE
mnt-by: MNT-CONTABO
mnt-by: MNT-GIGA-HOSTING
created: 2010-01-04T10:41:37Z
last-modified: 2025-12-05T12:12:21Z
source: RIPE

route: 178.18.248.0/21
origin: AS51167
mnt-by: MNT-CONTABO
created: 2021-04-12T17:11:18Z
last-modified: 2021-04-12T17:11:18Z
source: RIPE
references
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-02-26/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-26/

IOC Journey

medium
First detected 3 months ago · Last seen 15 days ago
Appeared in 18 threat reports