IPMediumSignal 48/100
2.205.209.144
Location
GermanyNeumarkt in der Oberpfalz, Bavaria
ASN
AS3209
ARCOR-IP
First Seen
Apr 8, 2026
Last Seen
Apr 10, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryGermany
GermanyRegionNeumarkt in der Oberpfalz, Bavaria
ASNAS3209
OrganizationARCOR-IP
Feed Intelligence Summary
6 reports48% confidence
6
Source reports
48%
Confidence score
Category tags
active scanactive scanningbrute forcebrute force attackcredential accesscredential stuffingeuropeexploitation activitygermanyidentity & access exploitationindicatornetworkpassword attacksreconnaissanceresearchedscannersmtpsmtp attackerssh attackt1110.001t1110.002t1110.003t1110.004t1595.001t1595.002t1595.003
Activity Timeline
Apr 10Apr 10
Threat Activity Heatmap
· Peak: 2026-04-10LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
This Indicator of Compromise (IOC), an IPv4 address, signals a significant and ongoing threat to organizational security. With a threat score of 47.8, it indicates a high likelihood of malicious intent, primarily associated with reconnaissance, brute force attacks, and credential compromise attempts. The presence of this IOC within an organization's network perimeter or logs could suggest an an active attempt by adversaries to gain unauthorized access or discover exploitable weaknesses. If left …
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
6
Reports
First seenApr 8, 2026
Last seenApr 10, 2026
GeolocationDE
CountryGermany
LocationNeumarkt in der Oberpfalz, Bavaria
ASNAS3209
OrgARCOR-IP
Coords49.2321, 11.6716
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 2.0.0.0 - 2.255.255.255 CIDR: 2.0.0.0/8 NetName: 2-RIPE NetHandle: NET-2-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2009-09-29 Updated: 2009-09-30 Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois Ref: https://rdap.arin.net/registry/ip/2.0.0.0 ResourceLink: https://apps.db.ripe.net/search/query.html ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois://whois.ripe.net ResourceLink: https://apps.db.ripe.net/search/query.html OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN inetnum: 2.200.0.0 - 2.207.255.255 netname: DE-D2VODAFONE-20101118 country: DE org: ORG-VDG1-RIPE admin-c: VG5226-RIPE admin-c: BRST1-RIPE tech-c: BRST1-RIPE tech-c: SCJO2-RIPE tech-c: VFAB2-RIPE tech-c: KRHE1-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-by: MMO-MNT mnt-lower: MMO-MNT mnt-lower: ARCOR-MNT mnt-domains: MMO-MNT mnt-domains: ARCOR-MNT mnt-routes: MMO-MNT mnt-routes: ARCOR-MNT created: 2010-11-18T14:28:59Z last-modified: 2018-09-07T08:57:36Z source: RIPE # Filtered organisation: ORG-VDG1-RIPE org-name: Vodafone GmbH org-type: LIR address: Ferdinand-Braun-Platz 1 address: 40549 address: Duesseldorf address: GERMANY phone: +49211533-0 admin-c: VG5226-RIPE admin-c: LEIF-RIPE abuse-c: AR13551-RIPE tech-c: VG5226-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: MMO-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: MMO-MNT created: 2004-04-17T11:06:26Z last-modified: 2019-12-20T12:33:35Z source: RIPE # Filtered role: Legal Requests for german agencies only address: Am Seestern 1 address: D-40547 Duesseldorf address: Germany org: ORG-VDG1-RIPE phone: +49 172 7654934 fax-no: +49 1520 917 2007 mnt-by: MMO-MNT admin-c: LEIF-RIPE tech-c: BRST1-RIPE nic-hdl: VFAB2-RIPE created: 2008-06-30T13:48:16Z last-modified: 2010-12-08T09:38:05Z source: RIPE # Filtered role: Vodafone GmbH address: Ferdinand-Braun-Platz 1 address: D-40549 Duesseldorf admin-c: BRST1-RIPE admin-c: KRHE1-RIPE admin-c: SCJO2-RIPE tech-c: BRST1-RIPE abuse-mailbox: [email protected] nic-hdl: VG5226-RIPE mnt-by: MMO-MNT created: 2018-09-07T07:42:19Z last-modified: 2018-09-07T08:16:42Z source: RIPE # Filtered person: Stephan Braehler address: Vodafone GmbH address: Ferdinand-Braun-Platz 1 address: D- 40549 Duesseldorf phone: +49 211 533 2224 nic-hdl: BRST1-RIPE mnt-by: MMO-MNT created: 2006-09-02T08:47:08Z last-modified: 2018-09-07T07:05:10Z source: RIPE # Filtered person: Herwarth Krey address: Vodafone D2 GmbH address: Am Seestern 5 address: D-40547 Duesseldorf address: Germany phone: +49 211 533 2224 nic-hdl: KRHE1-RIPE mnt-by: MMO-MNT created: 2002-04-08T13:03:19Z last-modified: 2010-11-23T10:57:44Z source: RIPE # Filtered person: Jens-Olaf Schmidt address: Vodafone D2 GmbH address: Am Seestern 5 address: D-40547 Duesseldorf address: Germany phone: +49 211 533 2224 mnt-by: MMO-MNT nic-hdl: SCJO2-RIPE created: 2007-11-19T13:15:20Z last-modified: 2011-01-28T10:26:32Z source: RIPE # Filtered route: 2.204.0.0/14 descr: ARCOR-IP origin: AS3209 mnt-routes: ARCOR-MNT mnt-by: ARCOR-MNT created: 2017-05-30T05:58:18Z last-modified: 2017-05-30T05:58:18Z source: RIPE
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 months ago · Last seen 2 months ago
Appeared in 6 threat reports