IOC Radar
IP · Medium · Signal 88/100

185.203.216.248

Location: Germany, Karlsruhe, CA
ASN: AS51167, Packethub S.A
First Seen: Apr 15, 2026 (60d ago)
Last Seen: May 23, 2026 (23d ago)
Reports: 16 source reports
Confidence: 88% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 88%
Signal Score: 88 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

7 techniques

Network Information

Country: DE (Germany)
Region: Karlsruhe, CA
ASN: AS51167
Organization: Packethub S.A

Feed Intelligence Summary

Source reports: 16
Confidence score: 88%
Category tags
abuse, active scan, active scanning, bad reputation, bad web bot, blocklist, botnet activity, brute force, brute force attack, brute force attacker, brute-force, cowrie, credential access, credential stuffing, ddos, ddos attack, de, digital ocean, dionaea, europe, exploit, exploitation activity, fatt, germany, hacking, identity & access exploitation, indicator, network, north america, p0f, password attacks, ping of death, portscan, reconnaissance, researched, scanner, scanners, sensor-tagged, service scan, ssh attack, t1110.001, t1110.002, t1110.003, t1110.004, t1595.001, t1595.002, t1595.003, tanner, tpot, united states, vulnerability scan, vulnerability-exploitation, vultr, web app attack

Activity Timeline

1 total obs · May 23

Threat Activity Heatmap

Peak: 2026-05-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 88
Confidence: 88%
Reports: 16
First seen: Apr 15, 2026
Last seen: May 23, 2026
Geolocation: DE
Country: Germany
Location: Karlsruhe, CA
ASN: AS51167
Org: Packethub S.A
Coords: 34.0494, -118.2661

VirusTotal

Not checked

WHOIS

description
Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.203.216.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).
raw
inetnum: 185.203.216.0 - 185.203.217.255
netname: TT-20240522
descr: Contabo GmbH
country: DE
org: ORG-CG316-RIPE
admin-c: MH7476-RIPE
tech-c: MH7476-RIPE
abuse-c: MH12453-RIPE
status: ASSIGNED PA
mnt-by: MNT-CONTABO
created: 2024-05-22T11:41:31Z
last-modified: 2024-05-29T14:28:02Z
source: RIPE

organisation: ORG-CG316-RIPE
org-name: Contabo GmbH
org-type: other
remarks: * Please direct all complaints about Internet abuse like Spam, hacking or scans *
remarks: * to [email protected] . This will guarantee fastest processing possible. *
address: Welfenstrasse 22
address: 81541
address: Munchen
address: GERMANY
phone: +498921268372
fax-no: +498921665862
abuse-c: MH12453-RIPE
mnt-ref: MNT-CONTABO
mnt-ref: de-net1-1-mnt
mnt-by: MNT-CONTABO
mnt-ref: TERRATRANSIT-MNT
mnt-by: TERRATRANSIT-MNT
mnt-by: de-net1-1-mnt
mnt-ref: de-tt1data-1-mnt
created: 2021-11-09T22:12:54Z
last-modified: 2025-11-26T16:26:17Z
source: RIPE # Filtered

person: Johannes Selg
address: Contabo GmbH
address: Welfenstr. 22
address: 81541 München
phone: +49 89 21268372
fax-no: +49 89 21665862
nic-hdl: MH7476-RIPE
mnt-by: MNT-CONTABO
mnt-by: MNT-GIGA-HOSTING
created: 2010-01-04T10:41:37Z
last-modified: 2025-12-05T12:12:21Z
source: RIPE

route: 185.203.216.0/23
origin: AS51167
mnt-by: MNT-CONTABO
created: 2024-05-22T11:41:31Z
last-modified: 2024-05-29T14:15:39Z
source: RIPE
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-16/


IOC Journey

medium
First detected 2 months ago · Last seen 23 days ago
Appeared in 16 threat reports