IOC Radar
IP · Medium · Signal 53/100

213.209.159.151

Location
Germany
Augsburg, Bavaria
ASN
AS208137
Feo Prest SRL
First Seen
Dec 22, 2025 (188d ago)
Last Seen
Jun 13, 2026 (15d ago)
Reports
23 source reports
Confidence
53% (medium)
Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

37 techniques

Network Information

Country: Germany (DE)
Region: Augsburg, Bavaria
ASN: AS208137
Organization: Feo Prest SRL

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 23
Confidence score: 53%
Category tags

Activity Timeline

1 total obs · Jun 13

Threat Activity Heatmap

Peak: 2026-06-13
[Heatmap of daily activity, June to June, shaded from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 53 (Medium Risk)
Signal Score: 53
Confidence: 53%
Reports: 23
First seen: Dec 22, 2025
Last seen: Jun 13, 2026
Geolocation: DE
Country: Germany
Location: Augsburg, Bavaria
ASN: AS208137
Org: Feo Prest SRL
Coords: 51.2993, 9.4910
Proxy

VirusTotal

Not checked

WHOIS

inetnum: 213.0.0.0 - 213.255.255.255
netname: RIPE-CIDR-BLOCK
descr: Not allocated by APNIC
remarks: ------------------------------------------------------
remarks:
remarks: Important:
remarks:
remarks: Details of networks in this range are not registered
remarks: in the APNIC Whois Database.
remarks:
remarks: Please search the RIPE Whois Database, which contains
remarks: details of IP addresses allocated in Europe, the
remarks: Middle East, and northern Africa:
remarks:
remarks: website: http://www.ripe.net/perl/whois
remarks: command line: whois.ripe.net
remarks:
remarks: ------------------------------------------------------
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2008-09-04T06:51:29Z
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC
references
https://github.com/telekom-security/tpotce
https://voidvendor.com/intel
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 6 months ago · Last seen 15 days ago
Appeared in 23 threat reports