IOC Radar
IP · Medium · Signal 39/100

204.76.203.220

Location: Germany (Eygelshoven, Limburg)
ASN: AS51396 (Intelligence Hosting LLC)
First Seen: Jan 29, 2025 (502d ago)
Last Seen: May 31, 2026 (15d ago)
Reports: 17 source reports
Confidence: 39% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 39%
Signal Score: 39 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

79 techniques

Network Information

Country: Germany (DE)
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: Intelligence Hosting LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 17
Confidence score: 39%

Activity Timeline

1 total observation (May 31)

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 17
First seen: Jan 29, 2025
Last seen: May 31, 2026
Geolocation: DE
Country: Germany
Location: Eygelshoven, Limburg
ASN: AS51396
Org: Intelligence Hosting LLC
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description: CC=US ASN=AS400328 intelligence hosting llc
references:
https://github.com/telekom-security/tpotce
https://www.bitsight.com/blog/rapperbot-infection-ddos-split-second
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
week1.pdf
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://www.virustotal.com/gui/collection/a4c38dc13a91da98a9f3a7f1c46c9aaeaa4d713d113c68c71fdf89837667717d

IOC Journey

medium
First detected 1 year ago · Last seen 15 days ago
Appeared in 17 threat reports