IOC Radar
IP · Medium · Signal 44/100

195.179.230.17

Location
Germany
Karlsruhe, Hesse
ASN
AS51167
Contabo GmbH
First Seen
Oct 29, 2025 (242d ago)
Last Seen
Feb 5, 2026 (143d ago)
Reports
17 source reports
Confidence
44% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
44%
Signal Score
44 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Network Information

Country: DE (Germany)
Region: Karlsruhe, Hesse
ASN: AS51167
Organization: Contabo GmbH

Feed Intelligence Summary

Source reports: 17
Confidence score: 44%
Category tags
abuse, access control, active scanning, apache, apt, asia, attack, attacker ip, australia, back orifice, bad web bot, blacklist activity, blacklisted ip address, blacklisted ips, botnet, botnet communication, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, c2, cgi, china, cisco device, command and control, command execution, command injection, communication protocol, compromised host, compromised hosts, cowrie honeypot, cowrie interactions, cowrie ssh honeypot, credential access, credential attack, credential stuffing, credential stuffing attempt, data encryption, data exfiltration, database exploitation, database security, ddos, ddos attack, decoy system, denial of service, device management, dhcp, dhcp attack, dionaea honeypot, dionaea interactions, dionaea payloads, directory traversal attempt, distributed attacks, dns, elasticsearch, elasticsearch attack, enterprise networking, europe, exploit, exploit attempt, exploit attempts, exploit kit, exploitation attempt, exploitation attempts, exploited host, exploits, fatt, fatt detections, fatt signatures, fraud voip, ftp, ftp attack, ftp attacks, ftp brute force, germany, gpon, hacking, hnap, honeytrap events, honeytrap honeypot, honeytrap interactions, http probing, http scanner, http scanning, https, ids, imap, imap attack, india, indicator, indicators of compromise, information gathering, initial access, injection attacks, input validation bypass, internet-facing, intrusion detection, ioc, italy, lamp, lamp server attack, lamp stack attack, lateral movement, ldap, ldap attack, mailoney events, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious domains, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware communication, malware delivery, malware distribution, memcached attack, mozi, mssql, mssql attack, netgear, network, network attacks, network infrastructure, network intrusion attempts, network intrusion detection, network monitoring, network probing, network protocol, network reconnaissance, network scanning, network security, network service exploitation, network-based attack attempts, north america, ntp, ntp attack, oceania, oracle, oracle attack, p0f, p0f signatures, password attack, password attacks, path traversal, phishing attack, phishing trap, ping of death, possible botnet infection, possible credential reuse, possible mirai variant, postgresql attack, process injection, protocol abuse, protocol exploitation, rce, rdp attacks, reconnaissance, remote access, remote code execution, remote services, researched, resource hijacking, router exploitation, scan, scanner, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer events, sentrypeer interactions, server exploitation, sftp activity, sftp attack, smtp, smtp attacks, smtp probing, soap, socks5, socks5 attack, sql injection, sql injection attempt, ssh attack, ssh attacks, ssh monitoring, suricata alerts, systembc, t-pot, t1018, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.005, t1059.007, t1068, t1071, t1071.001, t1077, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1202, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1565, t1566, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner events, tanner interactions, tcp protocol, telecommunications, telnet attacks, telnet threat, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, tpot, udp port scan, unauthorized login, united states, vnc protocol, voip, voip attack, vulnerability scan, web application attack, web application exploitation, web attack, web exploitation, web server exploit, web traffic, xss attempt

Activity Timeline

1 total obs (Feb 5)

Threat Activity Heatmap

Peak: 2026-02-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: Medium Risk
Signal Score: 44
Confidence: 44%
Reports: 17
First seen: Oct 29, 2025
Last seen: Feb 5, 2026
Geolocation: DE
Country: Germany
Location: Karlsruhe, Hesse
ASN: AS51167
Org: Contabo GmbH
Coords: 50.1109, 8.6821

VirusTotal

Not checked

IOC Journey

medium
First detected 8 months ago · Last seen 4 months ago
Appeared in 17 threat reports