IOC Radar
IP · Medium · Signal 25/100

5.9.176.72

Location: Falkenstein, Saxony, Germany
ASN: AS24940 (Hetzner Online GmbH)
First Seen: Apr 9, 2025 (427d ago)
Last Seen: Mar 27, 2026 (76d ago)
Reports: 9 source reports
Confidence: 25% (medium)
VirusTotal: 1/91 detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 25%
Signal Score: 25 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

25 techniques

Network Information

Country: DE (Germany)
Region: Falkenstein, Saxony
ASN: AS24940
Organization: Hetzner Online GmbH

Feed Intelligence Summary

Source reports: 9
Confidence score: 25%
Category tags: abuse, active scanning, australia, authentication, authentication abuse, botnet, brute force, brute force attempt, brute force attempts, command and control, communication protocol, credential access, credential stuffing, data exfiltration, distributed attacks, europe, germany, indicator, ipv4, malicious activity, malicious software, malware, network, network port scanning, network probing, network reconnaissance, network scanning, network security, oceania, potential threat actor, process injection, reconnaissance, remote access, researched, scan, scanner, scanning activity, sip scanning, ssh attack, ssh scanning, t1018, t1021.004, t1040, t1046, t1055, t1059, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1190, t1486, t1496, t1499.002, t1499.003, t1565, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, voip

Activity Timeline

1 total obs (Mar 27 to Mar 27)

Threat Activity Heatmap

Peak: 2026-03-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 25
Confidence: 25%
Reports: 9
First seen: Apr 9, 2025
Last seen: Mar 27, 2026
Geolocation: DE
Country: Germany
Location: Falkenstein, Saxony
ASN: AS24940
Org: Hetzner Online GmbH
Coords: 51.2993, 9.4910

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 8, 2026

WHOIS

description: Host bruteforcing SSH
raw:
inetnum: 5.9.176.64 - 5.9.176.79
netname: HOS-330313
descr: HOS-330313
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
created: 2025-04-04T01:20:42Z
last-modified: 2025-04-04T01:20:42Z
source: RIPE # Filtered

role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: [email protected]
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * [email protected], or fill out the form at *
remarks: * abuse.hetzner.com, thank you. *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: * Any questions on Peering please send to *
remarks: * [email protected] *
remarks: *************************************************
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
tech-c: DD15478-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2022-11-22T18:33:55Z
source: RIPE # Filtered

route: 5.9.0.0/16
descr: HETZNER-RZ-FKS-BLK5
origin: AS24940
mnt-by: HOS-GUN
created: 2012-04-26T10:30:12Z
last-modified: 2012-04-26T10:30:12Z
source: RIPE

references: https://redpiranha.net


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports