IOC Radar
IP · Medium · Signal 31/100

213.239.206.148

Location
Germany
Falkenstein, Saxony
ASN
AS24940
Hetzner
First Seen
Sep 21, 2024
Last Seen
May 6, 2026
Sep 21
First Seen
630d ago
May 6
Last Seen
38d ago
13
Reports
source reports
31%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
31%
Signal Score
31 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

Country: DE, Germany
Region: Falkenstein, Saxony
ASN: AS24940
Organization: Hetzner

Feed Intelligence Summary

13 reports · 31% confidence
13
Source reports
31%
Confidence score
Category tags
abuse, access control, active scan, active scanning, agent tesla, akira, apache, apache attacker, asia, asyncrat, attack, bad reputation, bad web bot, botnet, botnet activity, brazil, brute force, brute force attack, cisos, coinminer, command and control, communication protocol, communication technologies, compromised credentials, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, cryptocurrency, cryptocurrency threats, cryptojacking, data exfiltration, data store exposure, dcrat, ddos, de, decoy system, denial of service, distributed attacks, europe, europe/asia, exploit probing, exploitation activity, exploited host, finance, france, ftp brute force, germany, grouped, hacking, identity & access exploitation, indicator, indonesia, injection activity, mailoney email attacks, mailoney honeypot, malicious activity, malicious python scripts, malicious software, malware, malware hosting, mexico, mobile carriers, mobile networks, mozi, mozi link, network, network intrusion attempts, network scanning, network security, north america, panama, paraguay, password attacks, phishing, phishing attack, phishing trap, process injection, qilin, ransomware, reconnaissance, researched, resource hijacking, russia, scams & fraud, scanner, security policy, sentrypeer attacks, sentrypeer botnet, service, sftp access attempt, sftp attack, singapore, sip attacks, sip brute force, sliver, social engineering, south america, ssh attack, ssh monitoring, steam, t1021, t1040, t1041, t1053, t1055, t1059, t1068, t1071, t1071.001, t1078, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1123, t1190, t1203, t1204, t1486, t1496, t1499.001, t1499.002, t1499.003, t1552, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, telecom, telecom services, telecommunication, telecommunications, threat actor, threat prevention, tor node, ukraine, united kingdom, urlhaus, voip, voip attack, web application attack, web exploitation

Activity Timeline

1 total obs
May 6

Threat Activity Heatmap

Peak: 2026-05-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
31
SIGNAL
Signal Score
31%
Confidence
13
Reports
First seen: Sep 21, 2024
Last seen: May 6, 2026
Geolocation: DE
Country: Germany
Location: Falkenstein, Saxony
ASN: AS24940
Org: Hetzner
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
2025-03-12T17:23:40.956Z Honeypot : Tanner : Source: 213.239.206.148 : Port: 80 Post Data: {'response': {'message': {'sess_uuid': '84fbdcdc-4682-4e78-917f-57085d9bde27', 'detection': {'version': '0.6.0', 'order': 0, 'name': 'unknown', 'type': 1}}}, 'version': '0.6.0'}
raw
inetnum: 213.239.204.0 - 213.239.207.255
netname: HETZNER-RZ-NBG-NET2
descr: Hetzner Online AG
descr: Datacenter Nuernberg
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
mnt-lower: HOS-GUN
mnt-routes: HOS-GUN
created: 2006-03-22T15:20:48Z
last-modified: 2006-03-22T15:20:48Z
source: RIPE # Filtered

role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: [email protected]
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * [email protected], or fill out the form at *
remarks: * abuse.hetzner.com, thank you. *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: * Any questions on Peering please send to *
remarks: * [email protected] *
remarks: *************************************************
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
tech-c: DD15478-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2022-11-22T18:33:55Z
source: RIPE # Filtered

route: 213.239.192.0/18
descr: HETZNER-RZ-NBG-BLK2
origin: AS24940
mnt-by: HOS-GUN
created: 2003-05-28T16:24:38Z
last-modified: 2003-05-28T16:24:38Z
source: RIPE
references
https://urlhaus.abuse.ch/, https://any.run/malware-trends/, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 13 threat reports