IOC Radar
IP · Medium · Signal 70/100

213.209.159.227

Location
Germany
Augsburg, Bavaria
ASN
AS208137
Feo Prest SRL
First Seen
Dec 29, 2025
Last Seen
Jun 17, 2026
Reports
16 source reports
Confidence
70% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

30 techniques

Network Information

Country: Germany (DE)
Region: Augsburg, Bavaria
ASN: AS208137
Organization: Feo Prest SRL

IP Category

VPN
VPN exit node

Feed Intelligence Summary

16 source reports · 70% confidence score

Activity Timeline

1 total observation (Jun 17)

Threat Activity Heatmap

[Heatmap: daily activity by weekday, Jun through Jun of the following year]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 70
Confidence: 70%
Reports: 16
First seen: Dec 29, 2025
Last seen: Jun 17, 2026
Geolocation: DE
Country: Germany
Location: Augsburg, Bavaria
ASN: AS208137
Org: Feo Prest SRL
Coords: 48.3459, 10.9161
IP category: VPN

VirusTotal

Not checked

WHOIS

description
Banned by Fail2Ban [sshd]


IOC Journey

medium
First detected 5 months ago · Last seen 4 days ago
Appeared in 16 threat reports