IOC Radar
IPMediumSignal 50/100

185.91.127.14

Location
GermanyGermany
Eygelshoven, Limburg
ASN
AS49581
Tube VPS
First Seen
Oct 20, 2024
Last Seen
Jan 26, 2026
Oct 20
First Seen
611d ago
Jan 26
Last Seen
148d ago
10
Reports
source reports
50%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

14 techniques

Network Information

CountryDEGermany
RegionEygelshoven, Limburg
ASNAS49581
OrganizationTube VPS

Feed Intelligence Summary

10 reports50% confidence
10
Source reports
50%
Confidence score
Category tags
abuseabusech-threatfox-c2cactive scanningattackautomated threat huntingautomated-huntc2c2 communicationcommand and controlcyber threat advisorydata encryptioneuropeextortiongermanyindicatorindicators of compromiselummastealermalicious activitymalwaremalware analysismalware distributionnetworknetwork communicationnetwork traffic analysispattern 49pattern-49ransomwareransomware threat intelligencereconnaissanceredlineresearchedscannersystem disruptiont1059t1071t1071.001t1105t1189t1204t1486t1490t1547t1566t1588t1595.001t1595.002t1595.003threat actorthreat actor ttpsunattributed threat actorunknown-malware

Activity Timeline

1 total obs
Jan 26Jan 26

Threat Activity Heatmap

· Peak: 2026-01-26
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
10
Reports
First seenOct 20, 2024
Last seenJan 26, 2026
GeolocationDE
CountryGermany
LocationEygelshoven, Limburg
ASNAS49581
OrgTube VPS
Coords50.8933, 6.0580

VirusTotal

Not checked

WHOIS

raw
inetnum: 185.91.127.0 - 185.91.127.127 netname: TUBE-VPS country: DE admin-c: FZ2701-RIPE tech-c: FZ2701-RIPE status: SUB-ALLOCATED PA mnt-by: FZ-IP-MNT created: 2023-05-28T12:05:10Z last-modified: 2023-05-28T12:05:10Z source: RIPE person: Ferdinand Zink address: Schlesierstr. 7, 97631 Bad K�nigshofen phone: +4924045969470 nic-hdl: FZ2701-RIPE mnt-by: FerdinandZink-MNT mnt-by: FZ-IP-MNT created: 2019-11-18T21:36:40Z last-modified: 2022-06-12T10:45:52Z source: RIPE # Filtered route: 185.91.127.0/24 origin: AS49581 mnt-by: FZ-IP-MNT created: 2023-05-24T07:14:49Z last-modified: 2023-05-24T07:14:49Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 10 threat reports