IOC Radar
IP · Medium · Signal 49/100

194.180.49.33

Location: Germany (Berngau, VA)
ASN: AS201814 (HostSlick)
First Seen: Jan 7, 2025 (524d ago)
Last Seen: May 14, 2026 (31d ago)
Reports: 14 source reports
Confidence: 49% (medium)

Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 49%
Signal Score: 49 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 33 techniques

Network Information

Country: DE (Germany)
Region: Berngau, VA
ASN: AS201814
Organization: HostSlick

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 14
Confidence score: 49%
Category tags: abuse, ack, active scan, active scanning, api key, apt, attack, bad reputation, bad web bot, bg, botnet, botnet activity, brute force, brute force attack, brute force attacks, bulgaria, c2 communication, cisco, cisco device, cisco exploitation, cisco exploitation attempt, command & control, command and control, communication protocol, cowrie, cowrie activity, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, database security, ddos, ddos attack, de, decoy system, default company, denial of service, device management, dionaea, dionaea activity, dionaea honeypot, distributed attacks, enterprise networking, europe, exploit public-facing application, exploitation activity, exploited host, first, ftp, germany, graph summary, hacking, honeytrap honeypot, http scanner, https, identity & access exploitation, indicator, injection activity, injection attacks, iot security, iot targeted, join, lamp, lamp exploitation, lamp exploitation attempts, login attack, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network activity, network attacks, network infrastructure, network protocol, network reconnaissance, network scanning, network security, north america, opencti, password attack, password attacks, poland, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, resource hijacking, scanner, sentrypeer activity, sentrypeer botnet, service enumeration, sftp, sftp attack, sftp attempt, sip, sip scanning, smtp, ssh, ssh attack, ssh monitoring, syn, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.003, t1071, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1563, t1565, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, united states, value a, voip, voip attack, vpn, vpn ip, web application attack, web exploitation, web traffic, whois lookups

Activity Timeline

1 total observation (May 14)

Threat Activity Heatmap

Peak: 2026-05-14
[Heatmap: activity by weekday, Jun through Jun]
Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 49
Confidence: 49%
Reports: 14
First seen: Jan 7, 2025
Last seen: May 14, 2026
Geolocation: DE
Country: Germany
Location: Berngau, VA
ASN: AS201814
Org: HostSlick
Coords: 39.0814, -77.6443
VPN

VirusTotal

Not checked

WHOIS

inetnum: 194.180.49.0 - 194.180.49.255
netname: Dedicated_Servers_IP_Range
descr: Dedicated Servers IP Range
org: ORG-RA1050-RIPE
country: DE
admin-c: LW2980-RIPE
tech-c: LW2980-RIPE
mnt-routes: mnt-de-maximilian-1
mnt-domains: mnt-de-maximilian-1
status: ASSIGNED PA
mnt-by: MNT-NETERRA
created: 2023-12-05T06:13:12Z
last-modified: 2023-12-05T06:13:12Z
source: RIPE

organisation: ORG-RA1050-RIPE
org-name: RAZI Network
org-type: OTHER
address: Hauptstrasse 31 92361 Berngau, DE
admin-c: LW2980-RIPE
tech-c: LW2980-RIPE
abuse-c: ACRO59441-RIPE
mnt-ref: AZERONLINE-MNT
mnt-ref: voldeta-mnt
mnt-ref: mnt-de-maximilian-1
mnt-ref: lir-bg-telco-1-MNT
mnt-ref: MNT-NETERRA
mnt-by: mnt-de-maximilian-1
created: 2022-07-26T19:20:40Z
last-modified: 2025-10-11T13:27:28Z
source: RIPE # Filtered

person: Razi Network
address: 5605 SW Orleans St Seattle WA 98116
phone: +4917661200655
org: ORG-RA1050-RIPE
nic-hdl: LW2980-RIPE
mnt-by: mnt-de-maximilian-1
created: 2022-07-26T19:16:27Z
last-modified: 2025-05-13T15:24:37Z
source: RIPE # Filtered

References:
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 14 threat reports