IOC Radar
IP · Medium · Signal 59/100

5.252.103.180

Location
Germany
Frankfurt am Main, VA
ASN
AS213250
Mo's Operations GmbH
First Seen
Aug 23, 2025 (292d ago)
Last Seen
May 21, 2026 (22d ago)
Reports
11 source reports
Confidence
59% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

16 techniques

Network Information

Country: Germany (DE)
Region: Frankfurt am Main, VA
ASN: AS213250
Organization: Mo's Operations GmbH

Feed Intelligence Summary

Source reports: 11
Confidence score: 59%
Category tags
abuse, access control, account compromise, active scan, active scanning, bad reputation, bad web bot, botnet activity, brute force, brute force attack, brute-force, bruteforce, cloud infrastructure, cloud infrastructure attack, cloud services, credential access, credential stuffing, data exfiltration, data store exposure, database security, ddos, de, decoy system, denial of service, europe, exploitation activity, exploited host, germany, hacking, identity & access exploitation, indicator, injection activity, injection attacks, malware, mysql, network, network scanning, north america, password attacks, portscan, reconnaissance, researched, resource hijacking, scanner, scanners, security policy, self-signed, server exploitation, service scan, sql injection, ssh attack, t1059.003, t1078, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1505.002, t1595.001, t1595.002, t1595.003, targeting database, threat intelligence, threat prevention, united states, vultr, web app attack, web application attack, web exploitation

Activity Timeline

1 total obs
May 21

Threat Activity Heatmap

Peak: 2026-05-21
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 11
First seen: Aug 23, 2025
Last seen: May 21, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, VA
ASN: AS213250
Org: Mo's Operations GmbH
Coords: 38.9841, -77.3672

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force MYSQL on Vultr Paris (France) honeypot
raw
inetnum: 5.252.100.0 - 5.252.103.255
netname: DE-MOS-IPS-20190205
country: DE
org: ORG-MOG10-RIPE
admin-c: MORI
tech-c: MORI
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MOS-IP-MNT
created: 2021-09-23T08:40:26Z
last-modified: 2023-02-08T14:02:45Z
source: RIPE
abuse-c: ACRO20307-RIPE
mnt-lower: DeinServerHost
mnt-lower: MOS-IP-MNT
mnt-routes: DeinServerHost
mnt-domains: DeinServerHost

organisation: ORG-MOG10-RIPE
remarks: __________
remarks: Please contact us via e-mail:
remarks: [email protected]
remarks: or visit our Website for more Information:
remarks: www.develapp.me
remarks: __________
org-name: Mo's Operations GmbH
country: DE
org-type: LIR
address: Alte Landstrasse 23
address: 85521
address: Ottobrunn
address: GERMANY
phone: +0
admin-c: MORI
tech-c: MORI
abuse-c: MOS
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MOS-IP-MNT
created: 2018-11-09T15:36:28Z
last-modified: 2023-02-17T15:16:46Z
source: RIPE # Filtered
mnt-ref: MOS-IP-MNT

person: Mo's Operations GmbH
remarks: __________
remarks: NO ABUSE INFORMATION. DO NOT CONTACT FOR ABUSE!!!
remarks: Please contact via e-mail:
remarks: [email protected]
remarks: or visit our Website for more Information:
remarks: www.develapp.me
remarks: __________
address: Mo's Operations GmbH, Alte Landstraße 23, D-85521 Ottobrunn, Germany
phone: +0
nic-hdl: MORI
mnt-by: MOS-IP-MNT
created: 2023-02-08T13:54:20Z
last-modified: 2023-02-27T16:00:31Z
source: RIPE # Filtered

route: 5.252.103.0/24
origin: AS213250
mnt-by: MOS-IP-MNT
mnt-by: MOS-IP-MNT
created: 2022-07-10T14:40:30Z
last-modified: 2022-07-10T14:40:30Z
source: RIPE
references
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrparis-mysql-bruteforce-ip-list-2026-04-08/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 9 months ago · Last seen 22 days ago
Appeared in 11 threat reports