IP · Medium · Signal 86/100
185.232.70.209
Location
Nuremberg, Bavaria
ASN
AS197540
netcup GmbH
First Seen
Dec 31, 2022
Last Seen
Nov 14, 2025
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
86%
Signal Score
86 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region
Nuremberg, Bavaria
ASN
AS197540
Organization
netcup GmbH
IP Category
Proxy
Proxy server
Feed Intelligence Summary
7 reports · 86% confidence
7
Source reports
86%
Confidence score
Category tags
Activity Timeline
Nov 14
Threat Activity Heatmap
Peak: 2025-11-14
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat Score
High Risk
86
SIGNAL
Signal Score
86%
Confidence
7
Reports
First seen
Dec 31, 2022
Last seen
Nov 14, 2025
Geolocation
DE
Country
Germany
Location
Nuremberg, Bavaria
ASN
AS197540
Org
netcup GmbH
Coords
49.4423, 11.0191
Proxy
VirusTotal
Not checked
IOC Journey
medium
First detected 3 years ago · Last seen 7 months ago
Appeared in 7 threat reports