IOC Radar
IPMediumSignal 61/100

212.30.36.123

Location
GermanyGermany
Nuremberg, Bavaria
ASN
AS137409
GSL Networks
First Seen
Nov 1, 2022
Last Seen
Jun 11, 2026
Nov 1
First Seen
1332d ago
Jun 11
Last Seen
14d ago
26
Reports
source reports
61%
Confidence
medium
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryDEGermany
RegionNuremberg, Bavaria
ASNAS137409
OrganizationGSL Networks

IP Category

VPN
VPN exit node

Feed Intelligence Summary

26 reports61% confidence
26
Source reports
61%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningaptattackauthenticationauthentication attackbad reputationbad web botblocklist_allbotnetbotnet activitybotnet activity detectionbotnet infectionbrute forcebrute force attackbrute force attackerbrute force attemptbrute-forcecivil servicescommand and controlcompromised hostcountcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdedenial of servicedistributed attacksencryptioneuropeexploitation activityexploited hostfirewall log analysisgermanygovernment technologyhackingidentity & access exploitationinfrastructure acquisitionreconnaissanceinjection activityinjection attacksintrusion detectionipv4 addresslogin attemptsmalicious activitymalicious softwaremalwaremalware distributionmanualmultiple failed loginsmultiple geo locationsnetworknetwork securitynetwork traffic analysispassword attacksphishingphishing attackportscanprocess injectionproxypublic administrationpublic infrastructurepublic policyrandom passwordrandom usernameransomwarereconnaissanceregulatory agenciesremote accessresearchedscannerscannersscanning activitysecurity operationssecurity policyservice scansocial engineeringsocradar honeypotspamsql injectionssh attackssl vpnt1040t1055t1059t1059.003t1071t1071.001t1078t1078.001t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1573t1587.001t1588t1588.004t1590.001t1595t1595.001t1595.002t1595.003targeting databasethreat actorthreat intelligencethreat preventiontor nodeunauthorized access attemptsunauthorized loginvpnvulnerability scanvultrweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Jun 11Jun 11

Threat Activity Heatmap

· Peak: 2026-06-11
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
61
SIGNAL
Signal Score
61%
Confidence
26
Reports
First seenNov 1, 2022
Last seenJun 11, 2026
GeolocationDE
CountryGermany
LocationNuremberg, Bavaria
ASNAS137409
OrgGSL Networks
Coords49.4543, 11.0746
VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
inetnum: 212.30.36.0 - 212.30.36.255 netname: GSL_Networks country: DE admin-c: AM36404-RIPE tech-c: AM36404-RIPE abuse-c: AVCN1-RIPE status: ASSIGNED PA mnt-by: MNETS-MNT mnt-by: Mnets-Admin created: 2022-01-22T10:22:39Z last-modified: 2024-06-20T17:35:54Z source: RIPE person: Assaf Murr address: Zalka Amarit Chalhoub Ain Street Salloum BLDG. Ground Floor 961 3 644884 phone: +961 1 895665 nic-hdl: AM36404-RIPE mnt-by: Mnets-Admin created: 2015-01-05T23:33:16Z last-modified: 2015-01-05T23:33:16Z source: RIPE # Filtered route: 212.30.36.0/24 origin: AS137409 mnt-by: MNETS-MNT mnt-by: Mnets-Admin created: 2022-01-20T17:56:08Z last-modified: 2022-01-20T17:56:08Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 14 days ago
Appeared in 26 threat reports