IOC Radar
IPMediumSignal 77/100

212.227.13.69

Location
GermanyGermany
Essen, RP
ASN
AS8560
De Rhr Bap Ngcs Public
First Seen
Jan 15, 2022
Last Seen
Jun 12, 2026
Jan 15
First Seen
1622d ago
Jun 12
Last Seen
13d ago
26
Reports
source reports
77%
Confidence
medium
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryDEGermany
RegionEssen, RP
ASNAS8560
OrganizationDe Rhr Bap Ngcs Public

Feed Intelligence Summary

26 reports77% confidence
26
Source reports
77%
Confidence score
Category tags
abuseactive scanattacker-ipbad reputationbad web botblocklistblocklist_allbotnetbotnet activitybrute forcebrute force attackerbrute-forcebruteforcecowriecredential stuffingcredential-harvestingddosddos attackdedhcpelasticsearchenv-huntingeuropeexploitexploitation activityexploited hostftpftp brute-forcegermanyhackingidentity & access exploitationimapinjection activityiot securityiot targetedldapmssqlnetworknginxntpopencanaryoraclephishingportscanpostgresproxyransomwareraspberry-piredisresearchedscanscannerscannersservice scansmbsnmpsocks5socradar honeypotspamsql injectionsshssh attacktargeting databasetelnetthreat actortpotvncvoidtrapvulnerability scanvulnerability-exploitationvultrweb app attackweb spam

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

· Peak: 2026-06-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
77
SIGNAL
Signal Score
77%
Confidence
26
Reports
First seenJan 15, 2022
Last seenJun 12, 2026
GeolocationDE
CountryGermany
LocationEssen, RP
ASNAS8560
OrgDe Rhr Bap Ngcs Public
Coords50.4325, 7.8183

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 212.227.13.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).
raw
inetnum: 212.227.12.0 - 212.227.13.255 netname: de-rhr-bap-ngcs-public descr: IONOS SE country: DE admin-c: IPAD-RIPE tech-c: IPOP-RIPE abuse-c: ARO12-RIPE status: ASSIGNED PA mnt-by: AS8560-MNT created: 2024-10-14T15:49:08Z last-modified: 2024-10-14T15:49:08Z source: RIPE # Filtered role: IP Administration address: IONOS SE admin-c: SH15342-RIPE tech-c: SH15342-RIPE mnt-ref: AS8560-MNT nic-hdl: IPAD-RIPE abuse-mailbox: [email protected] mnt-by: AS8560-MNT created: 2009-05-20T17:24:09Z last-modified: 2025-09-26T12:26:46Z source: RIPE # Filtered role: IP Operations address: IONOS SE admin-c: SH15342-RIPE tech-c: SH15342-RIPE mnt-ref: AS8560-MNT nic-hdl: IPOP-RIPE abuse-mailbox: [email protected] mnt-by: AS8560-MNT created: 2009-05-28T16:25:04Z last-modified: 2025-09-26T12:26:44Z source: RIPE # Filtered route: 212.227.0.0/16 descr: IONOS-PA-2 origin: AS8560 mnt-by: AS8560-MNT created: 2011-04-27T14:38:19Z last-modified: 2020-11-27T17:48:27Z source: RIPE # Filtered

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 13 days ago
Appeared in 26 threat reports