IOC Radar

204.76.203.219
Type: IP · Risk: Medium · Signal 64/100

Location: Germany (DE), Eygelshoven, Limburg
ASN: AS51396, Intelligence Hosting LLC
First Seen: Jan 29, 2025 (499d ago)
Last Seen: Jun 5, 2026 (6d ago)
Reports: 23 source reports
Confidence: 64% (medium)

Found in 23 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

Tags: see Category tags under Feed Intelligence Summary below.
MITRE ATT&CK TTPs: 98 techniques. The technique IDs (t1003 through t1595.003) are listed among the category tags below. The page does not tie any of them to a specific observation of this address, so treat them as feed-level labels rather than behaviour observed from this host.

Network Information

Country: DE (Germany)
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: Intelligence Hosting LLC

IP Category: Proxy (proxy server), VPN (VPN exit node)

Feed Intelligence Summary

Source reports: 23
Confidence score: 64%

Category tags
Tags as applied by the source feeds, in the page's alphabetical order:

abuse, access control, account compromise, active scan, active scanning, adb honeypot activity, adbhoney activity, adbhoney exploits, adbhoney honeypot, anomalous network connections, apache, application layer protocol, asia, attack, attacker ips, attacker-ip, australia, authentication attack, authentication attacks, authentication attempts, authentication brute force, back orifice, bad reputation, bad web bot, blacklist activity, blacklist candidate, blacklist check, blacklist hit, blacklist indicators, blacklist ioc, blacklist ip, blacklist ip activity, blacklist ip detected, blacklist ip detection, blacklist traffic, blacklist_activity, blacklist_ip, blacklist_ip_address, blacklisted ip, blacklisted ip activity, blacklisted ip detected, blacklisted ip detection, blacklisted ip indicators, blacklisted ips, block list, block.txt, blog spam, botnet, botnet activity, botnet communication, botnet compromised host, botnetactivity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, c2, c2 communication, c2 server, cert, china, china mobile, cisco brute force, cisco device, cisco device targeting, cisco exploit attempt, cisco exploit attempts, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco targeting, cisco_exploit, code execution, columns, command & control, command and control, command execution, command injection attempt, communication protocol, communication security, communication technologies, company limited, compromise attempt, compromised credentials, compromised credentials attempt, compromised host, compromised hosts, compromised systems, connected devices, conpot activity, conpot exploitation, conpot honeypot, container security, cowrie, cowrie activity, cowrie artifacts, cowrie attack, cowrie capture, cowrie honeypot, cowrie interaction, cowrie interactions, cowrie logs, cowrie ssh attack, cowrie ssh attacks, cowrie_attack, credential access, credential attack, credential brute forcing, credential brute-forcing, credential compromise, credential harvesting, credential stuffing, credential_access, curl, cve, daily_sources, data encryption, data exfiltration, data exfiltration attempt,
data store exposure, data theft, database attack, database attacks, database brute force, database enumeration, database exploitation, database exploitation attempts, database login attempt, database scanning, database security, dcerpc, ddos, ddos attack, ddos attack indicators, ddos attacks, ddos probe, ddospot, decoy system, denial of service, denial-of-service attempt, device management, dhcp, dhcp abuse, dhcp attack, dhcp attacks, dhcp discovery, dhcp exploitation, dhcp probing, dhcp scan, dhcp scanning, dhcp spoofing, dhcp starvation, digital ocean, dionaea, dionaea activity, dionaea alert, dionaea artifacts, dionaea attack, dionaea capture, dionaea events, dionaea honeypot, dionaea interactions, dionaea logs, dionaea malware collection, dionaea malware samples, dionaea payloads, directory traversal attempt, distributed attacks, dns, dns attack, docker, elasticpot honeypot, elasticsearch, elasticsearch access attempt, elasticsearch access attempts, elasticsearch attack, elasticsearch brute force, elasticsearch enumeration, elasticsearch exploitation, elasticsearch exploitation attempts, elasticsearch exposure, elasticsearch monitoring, elasticsearch probing, elasticsearch scan, elasticsearch scanning, elasticsearch security, elasticsearch vulnerability scan, encryption, enterprise networking, enumeration, europe, europe/asia, executable file, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of vulnerability, exploited host, external threat, extortion, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, finland, france, ftp, ftp attack, ftp attacks, ftp brute force, ftp brute-force, ftp bruteforce, ftp protocol, galah, germany, glutton, gopot, hacking, hellpot, heralding activity, herolding attacks, hk abusehandler, honeynet connect, honeypot data, honeytrap activity, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http, http attack, http brute force, http null session, http probing, http request anomalies, http scanner, http scanning, https, hurricane us,
icmp, ics security, identity & access exploitation, imap, imap attack, imap brute force, imap probing, imap protocol, imap scan, imap scanning, inbound scan, indicator, industrial control systems, industrial iot, information gathering, information technology, initial access, initial_access, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot botnet, iot device targeting, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney activity, ipphoney honeypot, it infrastructure, kibana, lamp, lamp attack, lamp attacks, lamp exploit attempt, lamp exploit attempts, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server targeting, lamp stack attack, lamp stack attacks, lamp stack exploitation, lamp stack targeting, lamp vulnerability scan, lamp vulnerability scanning, lamp_exploit, lateral movement, lcial, ldap, ldap attack, ldap brute force, ldap bruteforce, ldap enumeration, ldap exploitation, ldap exploitation attempts, ldap probing, ldap scan, ldap scanning, log4pot, login attempt, mail, mailoney activity, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious email activity, malicious file transfer, malicious ip, malicious ip activity, malicious login attempt, malicious network activity, malicious payload, malicious payload attempts, malicious payload detection, malicious payload distribution, malicious scan, malicious software, malicious software detection, malicious software targeting, malicious traffic, malware, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware download, malware download attempts, malware propagation, medpot, memcache abuse, memcache access attempt, memcache amplification attempt, memcache brute force, memcache exploitation, memcache probing, memcache scan, memcache scanning, memcached access attempt, memcached amplification, memcached amplification attempt, memcached attack, memcached brute force, memcached enumeration, memcached exploitation, memcached exploitation attempts, memcached exposure, memcached probing, memcached scan,
memcached scanning, mirai, mirai botnet, mobile carriers, mobile networks, mod security, ms-sql, mssql, mssql attack, mssql brute force, mssql bruteforce, mssql database, mssql exploitation, mssql probing, mssql scan, mssql scanning, mysql brute force, netherlands, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network monitoring, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service exploitation, network service scanning, network traffic analysis, nl, north america, ntp, ntp abuse, ntp amplification, ntp amplification attacks, ntp amplification attempt, ntp attack, ntp exploitation, ntp probing, ntp protocol, ntp scan, ntp scanning, observed malicious activity, oceania, oracle, oracle attack, oracle brute force, oracle bruteforce, oracle database, oracle database attack, oracle database security, oracle enumeration, oracle exploitation, oracle exploitation attempts, oracle probing, oracle scan, oracle scanning, p0f, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, password cracking, password spraying, pgp sign, phishing, phishing attack, phishing trapping of death, poland, portscan, possible botnet activity, possible botnet communication, possible botnet infection, possible credential reuse, possible credential stuffing, possible malware distribution, possible malware infection, possible malware probing, possible malware propagation, possible malware upload, possible reconnaissance, postgres brute force, postgres enumeration, postgres exploitation, postgres scan, postgresql attack, postgresql brute force, postgresql bruteforce, postgresql exploitation, postgresql scan, postgresql scanning, postgresql security, potential botnet activity, potential credential theft, potential malware distribution, privilege escalation, process injection, protocol abuse, protocol exploitation, protocol scan, proxy, proxy access, qhoneypot activity, qhoneypot detected, qhoneypot detection, qhoneypot emulation, qhoneypot interaction,
qhoneypot interactions, qhoneypot related activity, ransomware, ransomware activity, rce, reconnaissance, reconnaissance activity, redis brute force, redis bruteforce, redis enumeration, redis exploitation, redis exploitation attempts, redis exposure, redis honeypot, redis probing, redis scan, redis scanning, redis security, remote access, remote access attack, remote access attempts, remote code execution, remote service exploitation, remote services, research, researched, resource hijacking, scan, scanner, scanner activity, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer events, sentrypeer interactions, sentrypeer targeted, server exploitation, service discovery, service enumeration, service exploitation, service exploitation attempt, service scan, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp exploitation attempt, sftp exploitation attempts, sftp scanning, sftp_attack, shell access, shell access attempt, sip attacks, sip brute force, sip heralding, sip probing, sip scan, sip scanning, sip vulnerability probing, sip vulnerability scan, sip_attack, sipp, skype, smart devices, smb brute force, smb bruteforce, smb enumeration, smb exploitation, smb probing, smb scan, smb scanning, smtp, smtp attack, smtp attacks, smtp brute force, smtp enumeration, smtp probing, smtp scanning, snare, snmp attacks, snmp enumeration, snmp exploitation, snmp probing, snmp scan, social engineering, socks5, socks5 attack, socks5 brute force, socks5 probing, socks5 proxy, socks5 proxy abuse, socks5 proxy activity, socks5 proxy attempt, socks5 proxy detection, socks5 proxy scanning, socks5 proxy usage, socks5 scan, socks5 scanning, socradar honeypot, software development, software exploitation, sora botnet, spam, sql injection, sql injection attempt, sql injection attempts, ssh, ssh attack, ssh attacks, ssh bruteforce, ssh monitoring, ssh-brute, ssh_bruteforce, suricata alert, suricata alerts, system discovery, system disruption, systembc botnet, t-pot, t-pot framework,

MITRE ATT&CK technique IDs among the tags (98): t1003, t1005, t1016, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1021.008, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1119, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505, t1505.002, t1505.004, t1550, t1550.002, t1550.003, t1555, t1558, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1569.002, t1572, t1573, t1573.001, t1583, t1588, t1588.002, t1588.006, t1589, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003

tanner, tanner activity, tanner events, tanner interactions, targeting database, tcp, tcp protocol, tcp scan, telecom services, telecommunications, telnet bruteforce, telnet scanning, telnet threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, timeout, top10.txt, topips.txt, tor node, tpot, tsec, turkey, udp scan, unauthenticated access attempts, unauthorized access, unauthorized access attempt, unauthorized login, unauthorized login attempt, united kingdom, united states, us abuse, us none, vnc probing, vnc protocol, vnc scan, vnc scanning, voip, voip attack, vpn, vpn ip, vulnerability scan, web app attack, web application, web application attack, web application attacks, web application scanning, web attack, web exploitation, web exploits, web login attempt, web server attack, web shell, web shell attempt, web shell detection, web shell upload, web shell uploads, web spam, web traffic, wget, wordpot

Activity Timeline

1 total observation: Jun 5 (2026-06-05), which is also the peak of the Threat Activity Heatmap. The heatmap covers roughly the preceding twelve months (Jun through the following Jun) and shows no other activity.

Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Note that the 23 source reports and the first-seen date of Jan 29, 2025 are not reflected in this timeline, which records a single dated observation; do not read the report count as 23 dated sightings.
Threat Score: Medium Risk (64)
Signal Score: 64
Confidence: 64%
Reports: 23
First seen: Jan 29, 2025
Last seen: Jun 5, 2026
Geolocation: DE
Country: Germany
Location: Eygelshoven, Limburg
ASN: AS51396
Org: Intelligence Hosting LLC
Coords: 37.7510, -97.8220
Proxy: VPN

Geolocation caveat: the location fields on this page contradict each other. Eygelshoven (Limburg) is in the Netherlands, not Germany; the coordinates 37.7510, -97.8220 are near Wichita, Kansas, the country-level default that MaxMind GeoIP returns for the United States when no city resolves; and the feed description under WHOIS reports geo=NL with Location=Sydney, Australia. Treat the geolocation as unresolved and rely on the ASN (AS51396, Intelligence Hosting LLC) and the proxy/VPN classification instead, which are the fields that actually matter for a proxy exit node.

VirusTotal: Not checked

WHOIS

Description (feed text, as supplied): Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=NL; ports=8291 Location=Sydney, Australia.

Reading the description: p0f is T-Pot's passive fingerprinting sensor, so this entry records connection attempts seen on the wire rather than an interactive honeypot session, and port 8291 is the MikroTik Winbox management port, so the traffic is consistent with scanning for exposed RouterOS devices. The feed's own geo=NL does not agree with the Germany/Limburg location shown above, and the text does not say whether Location=Sydney, Australia refers to the source address or to the sensor that observed it.

Raw record (the RIPE database's placeholder for address space the RIPE NCC does not manage; it identifies no holder):
inetnum: 204.75.230.0 - 204.76.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: For registration information, you can consult the following sources:
remarks: IANA: http://www.iana.org/assignments/ipv4-address-space, http://www.iana.org/assignments/iana-ipv4-special-registry, http://www.iana.org/assignments/ipv4-recovered-address-space
remarks: AFRINIC (Africa): http://www.afrinic.net/ whois.afrinic.net
remarks: APNIC (Asia Pacific): http://www.apnic.net/ whois.apnic.net
remarks: ARIN (Northern America): http://www.arin.net/ whois.arin.net
remarks: LACNIC (Latin America and the Caribbean): http://www.lacnic.net/ whois.lacnic.net
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2025-07-08T14:17:14Z
last-modified: 2025-07-08T14:17:14Z
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered

This record is "source: RIPE" with status ALLOCATED UNSPECIFIED and country EU, i.e. the lookup hit the wrong registry. For the real assignment, query the registry the record's own remarks name for Northern America, ARIN: whois -h whois.arin.net 204.76.203.219, or the RDAP endpoint https://rdap.arin.net/registry/ip/204.76.203.219. The AS51396 / Intelligence Hosting LLC attribution shown above is not supported by this WHOIS record and should be confirmed against the registry before it is used in reporting.

References:
https://github.com/telekom-security/tpotce
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
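What a practitioner does with this record is turn it into something a control or a threat intelligence platform can consume. The Python below is an added example and is not IOC Radar's own code or export: it summarizes the WHOIS inetnum above into CIDR blocks (ipaddress.summarize_address_range), confirms the indicator falls inside that range, and builds a STIX 2.1 bundle of the shape the "STIX 2.1 Bundle" export would carry: an Indicator for the address with the page's confidence, plus a Sighting with the page's first/last-seen dates and report count. The IP, range, confidence, dates and count are the page's values; indicator_types, labels and the generated UUIDs are this example's own assumptions.

```python
"""Added example (not IOC Radar's code): turn the page's record for
204.76.203.219 into artefacts a SOC can use directly.

1. The RIPE placeholder WHOIS gives an inclusive address *range*; firewall
   and IDS rules want CIDR blocks, so the range is summarized and the
   indicator is checked to be inside it.
2. A STIX 2.1 bundle is built in the same shape as the page's "STIX 2.1
   Bundle" export: an Indicator SDO for the address plus a Sighting SRO
   carrying the page's first/last-seen dates and report count.

Values marked "page:" are copied from the page; the UUIDs are generated at
run time, and indicator_types/labels are this example's own assumption.
"""
import ipaddress
import json
import uuid
from datetime import datetime, timezone

INDICATOR_IP = "204.76.203.219"                                # page: the IOC
INETNUM_START, INETNUM_END = "204.75.230.0", "204.76.255.255"  # page: raw WHOIS inetnum
CONFIDENCE = 64                                                # page: 64/100, "medium"
FIRST_SEEN = "2025-01-29T00:00:00.000Z"                        # page: First Seen (date only)
LAST_SEEN = "2026-06-05T00:00:00.000Z"                         # page: Last Seen (date only)
REPORT_COUNT = 23                                              # page: source reports


def range_to_cidrs(start: str, end: str) -> list:
    """Minimal list of CIDR blocks covering the inclusive range [start, end]."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def ip_in_range(ip: str, start: str, end: str) -> bool:
    """True when ip lies inside the inclusive range [start, end]."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(start) <= addr <= ipaddress.ip_address(end)


def _now() -> str:
    """STIX 2.1 timestamp: UTC, RFC 3339, trailing Z."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def stix_indicator(ip: str, confidence: int, valid_from: str) -> dict:
    """STIX 2.1 Indicator SDO for one IPv4 address (no valid_until: still active)."""
    now = _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"Honeypot-observed proxy/VPN address {ip}",
        "indicator_types": ["anomalous-activity"],          # assumption
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "valid_from": valid_from,
        "confidence": confidence,                           # STIX 2.1: integer 0..100
        "labels": ["proxy", "vpn", "honeypot-sighting"],    # assumption, from IP Category
    }


def stix_sighting(indicator_id: str, first_seen: str, last_seen: str, count: int) -> dict:
    """STIX 2.1 Sighting SRO recording when and how often the indicator was reported."""
    now = _now()
    return {
        "type": "sighting",
        "spec_version": "2.1",
        "id": f"sighting--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "sighting_of_ref": indicator_id,
        "first_seen": first_seen,
        "last_seen": last_seen,
        "count": count,
    }


def build(ip=INDICATOR_IP, start=INETNUM_START, end=INETNUM_END):
    """Return (cidrs, bundle); refuse to proceed if the IP is not in the WHOIS range."""
    if not ip_in_range(ip, start, end):
        raise ValueError(f"{ip} is outside the WHOIS range {start}-{end}")
    indicator = stix_indicator(ip, CONFIDENCE, FIRST_SEEN)
    sighting = stix_sighting(indicator["id"], FIRST_SEEN, LAST_SEEN, REPORT_COUNT)
    bundle = {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
              "objects": [indicator, sighting]}
    return range_to_cidrs(start, end), bundle


if __name__ == "__main__":
    cidrs, bundle = build()
    print("CIDRs covering the WHOIS range:", ", ".join(cidrs))
    print(json.dumps(bundle, indent=2))
```

The CIDR list (four blocks from 204.75.230.0/23 up to 204.76.0.0/16) is for scoping registry queries, not for blocking: the range is the RIPE placeholder and covers far more than this host's network. Block on the /32 pattern carried by the Indicator, and update the Sighting's last_seen when the address is observed again rather than minting a new Indicator.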

IOC Journey

Confidence: medium. First detected 1 year ago, last seen 6 days ago, appeared in 23 threat reports.