IP · Medium · Signal 26/100
46.38.236.250
Location
Nuremberg, Baden-Wurttemberg
ASN
AS197540
NETCUP-GMBH
First Seen
Aug 26, 2020
Last Seen
Jun 6, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
26%
Signal Score
26 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region
Nuremberg, Baden-Wurttemberg
ASN
AS197540
Organization
NETCUP-GMBH
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
14 reports · 26% confidence
14
Source reports
26%
Confidence score
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap
Peak: 2026-06-06
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Low Risk
26
SIGNAL
Signal Score
26%
Confidence
14
Reports
First seen: Aug 26, 2020
Last seen: Jun 6, 2026
Geolocation: DE
Country: Germany
Location: Nuremberg, Baden-Wurttemberg
ASN: AS197540
Org: NETCUP-GMBH
Coords: 49.0047, 8.3858
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- inetnum: 46.38.224.0 - 46.38.255.255
  netname: DE-NETCUP-20101202
  country: DE
  org: ORG-nG51-RIPE
  admin-c: OW395-RIPE
  tech-c: OW395-RIPE
  status: ALLOCATED PA
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: NETCUP-MNT
  mnt-lower: NETCUP-MNT
  mnt-domains: NETCUP-MNT
  mnt-routes: NETCUP-MNT
  created: 2010-12-02T12:32:36Z
  last-modified: 2022-11-14T12:45:41Z
  source: RIPE # Filtered
  remarks: INFRA-AW

  organisation: ORG-nG51-RIPE
  org-name: netcup GmbH
  country: DE
  org-type: LIR
  address: Daimlerstrasse 25
  address: 76185
  address: Karlsruhe
  address: GERMANY
  phone: +4972175407550
  fax-no: +4972175407559
  admin-c: OW395-RIPE
  abuse-c: NA4042-RIPE
  mnt-ref: RIPE-NCC-HM-MNT
  mnt-ref: NETCUP-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: NETCUP-MNT
  created: 2010-11-03T10:05:19Z
  last-modified: 2020-12-16T12:52:13Z
  source: RIPE # Filtered

  person: Oliver Werner
  address: netcup GmbH
  address: Daimlerstrasse 25
  address: 76185 Karlsruhe
  phone: +49721 75407550
  nic-hdl: OW395-RIPE
  mnt-by: NETCUP-MNT
  created: 2010-11-03T14:34:38Z
  last-modified: 2017-10-30T22:11:28Z
  source: RIPE # Filtered

  route: 46.38.224.0/20
  descr: NETCUP-GMBH
  origin: AS197540
  mnt-by: NETCUP-MNT
  created: 2011-09-05T11:59:56Z
  last-modified: 2011-09-05T11:59:56Z
  source: RIPE
IOC Journey
medium · First detected 5 years ago · Last seen 16 days ago
Appeared in 14 threat reports