IOC Radar
IP · Medium · Signal 43/100

207.180.192.205

Location: United Kingdom (Lauterbourg, BY)
ASN: AS51167 (Contabo GmbH)
First Seen: Oct 19, 2020 (2074d ago)
Last Seen: May 30, 2026 (25d ago)
Reports: 8 source reports
Confidence: 43% (medium)

Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 43%
Signal Score: 43 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 72 techniques

Network Information

Country: GB (United Kingdom)
Region: Lauterbourg, BY
ASN: AS51167
Organization: Contabo GmbH

Feed Intelligence Summary

Source reports: 8
Confidence score: 43%

Activity Timeline

1 total obs (May 30)

Threat Activity Heatmap

Peak: 2026-05-30

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 43
Confidence: 43%
Reports: 8
First seen: Oct 19, 2020
Last seen: May 30, 2026
Geolocation: GB
Country: United Kingdom
Location: Lauterbourg, BY
ASN: AS51167
Org: Contabo GmbH
Coords: 49.4050, 11.1617

VirusTotal

Not checked

WHOIS

description: CC=DE ASN=AS51167 contabo gmbh

raw:

inetnum: 207.180.192.0 - 207.180.223.255
netname: CONTABO
descr: Contabo GmbH
country: DE
org: ORG-GG22-RIPE
admin-c: MH7476-RIPE
tech-c: MH7476-RIPE
status: ASSIGNED PA
mnt-by: MNT-CONTABO
created: 2018-05-06T08:09:32Z
last-modified: 2018-05-06T08:09:32Z
source: RIPE

organisation: ORG-GG22-RIPE
org-name: Contabo GmbH
country: DE
org-type: LIR
remarks: * Please direct all complaints about Internet abuse like Spam, hacking or scans *
remarks: * to [email protected] . This will guarantee fastest processing possible. *
address: Aschauer Strasse 32a
address: 81549
address: Munchen
address: GERMANY
phone: +498921268372
fax-no: +498921665862
abuse-c: MH12453-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-CONTABO
mnt-ref: MNT-OCIRIS
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-CONTABO
created: 2009-12-09T13:41:08Z
last-modified: 2021-09-14T10:49:04Z
source: RIPE # Filtered

person: Johannes Selg
address: Contabo GmbH
address: Aschauer Str. 32a
address: 81549 Muenchen
phone: +49 89 21268372
fax-no: +49 89 21665862
nic-hdl: MH7476-RIPE
mnt-by: MNT-CONTABO
mnt-by: MNT-GIGA-HOSTING
created: 2010-01-04T10:41:37Z
last-modified: 2024-04-15T11:05:18Z
source: RIPE

route: 207.180.192.0/23
descr: CONTABO
origin: AS51167
mnt-by: MNT-CONTABO
created: 2018-05-03T07:57:08Z
last-modified: 2018-05-03T07:57:08Z
source: RIPE

references:
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt

IOC Journey

medium
First detected 5 years ago · Last seen 25 days ago
Appeared in 8 threat reports