IOC Radar
IP · Medium · Signal 91/100

194.163.146.119

Location
Germany
Lauterbourg, NW
ASN
AS51167
Contabo
First Seen
Sep 17, 2024
Last Seen
May 5, 2026
16
Reports
source reports
91%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

62 techniques

Network Information

Country: DE (Germany)
Region: Lauterbourg, NW
ASN: AS51167
Organization: Contabo

Feed Intelligence Summary

16 source reports, 91% confidence score
Category tags

Activity Timeline

1 total observation (May 5)

Threat Activity Heatmap

(weekly activity heatmap, Jun through the following Jun; Peak: 2026-05-05)

Recent activity
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
91
SIGNAL
Signal Score
91%
Confidence
16
Reports
First seen: Sep 17, 2024
Last seen: May 5, 2026
Geolocation: DE
Country: Germany
Location: Lauterbourg, NW
ASN: AS51167
Org: Contabo
Coords: 51.1878, 6.8607

VirusTotal

Not checked

WHOIS

description
CC=DE ASN=AS51167 Contabo GmbH
raw
inetnum: 194.163.128.0 - 194.163.159.255
netname: CONTABO
country: DE
admin-c: MH7476-RIPE
tech-c: MH7476-RIPE
status: ASSIGNED PA
mnt-by: MNT-CONTABO
created: 2021-04-27T08:52:23Z
last-modified: 2021-04-27T08:52:23Z
source: RIPE

person: Johannes Selg
address: Contabo GmbH
address: Aschauer Str. 32a
address: 81549 Muenchen
phone: +49 89 21268372
fax-no: +49 89 21665862
nic-hdl: MH7476-RIPE
mnt-by: MNT-CONTABO
mnt-by: MNT-GIGA-HOSTING
created: 2010-01-04T10:41:37Z
last-modified: 2024-04-15T11:05:18Z
source: RIPE

route: 194.163.128.0/18
origin: AS51167
mnt-by: MNT-CONTABO
created: 2021-03-12T09:26:37Z
last-modified: 2021-03-12T09:26:37Z
source: RIPE
references

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 16 threat reports