IOC Radar
IP · Medium · Signal 82/100

217.154.69.208

Location: Berlin, State of Berlin, Germany
ASN: AS8560 MISTRAL
First Seen: May 8, 2025
Last Seen: Jun 8, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 60 techniques

Network Information

Country: DE (Germany)
Region: Berlin, State of Berlin
ASN: AS8560
Organization: MISTRAL

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 23
Confidence score: 82%
Category tags

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap

Peak: 2026-06-08
[Heatmap: activity by weekday and month, Jun to Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 82
Confidence: 82%
Reports: 23
First seen: May 8, 2025
Last seen: Jun 8, 2026
Geolocation: DE
Country: Germany
Location: Berlin, State of Berlin
ASN: AS8560
Org: MISTRAL
Coords: 51.4964, -0.1224
Proxy

VirusTotal

Not checked

WHOIS

description
Score: 79/100 | Detector: threat_feed | Label: reported_abuse | Tags: compromised_host, reported_abuse
raw
inetnum: 217.154.64.0 - 217.154.71.255
netname: de-ber-ionos-cloud-txl
descr: IONOS SE
country: DE
admin-c: IPAD-RIPE
tech-c: IPOP-RIPE
status: ASSIGNED PA
mnt-by: AS8560-MNT
created: 2025-01-28T10:50:38Z
last-modified: 2025-06-03T16:17:28Z
source: RIPE

role: IP Administration
address: IONOS SE
admin-c: SH15342-RIPE
tech-c: SH15342-RIPE
mnt-ref: AS8560-MNT
nic-hdl: IPAD-RIPE
abuse-mailbox: [email protected]
mnt-by: AS8560-MNT
created: 2009-05-20T17:24:09Z
last-modified: 2025-09-26T12:26:46Z
source: RIPE # Filtered

role: IP Operations
address: IONOS SE
admin-c: SH15342-RIPE
tech-c: SH15342-RIPE
mnt-ref: AS8560-MNT
nic-hdl: IPOP-RIPE
abuse-mailbox: [email protected]
mnt-by: AS8560-MNT
created: 2009-05-28T16:25:04Z
last-modified: 2025-09-26T12:26:44Z
source: RIPE # Filtered

route: 217.154.64.0/21
descr: IONOS SE ber.de
origin: AS8560
mnt-by: AS8560-MNT
created: 2025-01-28T10:50:38Z
last-modified: 2025-01-28T10:50:38Z
source: RIPE # Filtered
references
https://purplesynapz.com/
https://github.com/telekom-security/tpotce
https://voidvendor.com/intel
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-22/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/digitaloceantoronto-telnet-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceansingapore-telnet-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-17/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-15/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-14/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-11/

IOC Journey

medium
First detected 1 year ago · Last seen 15 days ago
Appeared in 23 threat reports