IOC Radar
IP · Medium · Signal 94/100

85.203.20.73

Location: Germany (Zagreb, BE)
ASN: AS212238 (Falco IPR B.V.)
First Seen: Feb 16, 2023 (1224d ago)
Last Seen: Mar 12, 2026 (104d ago)
Reports: 10 (source reports)
Confidence: 94% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 94%
Signal Score: 94 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 36 techniques

Network Information

Country: DE (Germany)
Region: Zagreb, BE
ASN: AS212238
Organization: Falco IPR B.V.

IP Category: VPN (VPN exit node)

Feed Intelligence Summary

Source reports: 10
Confidence score: 94%

Category tags: access, active scanning, adbhoney activity, adbhoney honeypot, attack, australia, bad web bot, botnet, brute force, brute force attack, brute force attempts, command and control, command injection, communication protocol, cowrie, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential attack, credential harvesting, credential stuffing, croatia, data encryption, data exfiltration, decoy system, denial of service, dionaea, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, dns, email, europe, exploit, exploitation attempt, fatt, ftp, ftp brute force, germany, github, groups, hacking, honeytrap activity, honeytrap honeypot, hr, http scanner, index, information technology, initial access, internet-facing, it infrastructure, lamp, lamp attack, lamp stack attack, lateral movement, mailoney activity, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network intrusion attempts, network protocol, network reconnaissance, network scanning, network security, oceania, p0f, password attacks, phishing, phishing attack, phishing trap, process injection, protocol exploitation, proxy, python, reconnaissance, researched, resource hijacking, scanner, script, scripting attacks, sensor-tagged, sentrypeer activity, sentrypeer botnet, sftp, sftp activity, sftp attack, sip, sip scanning, slug, smtp, social engineering, software development, spam, ssh, ssh attack, ssh monitoring, surface web, t-pot, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.004, t1059.007, t1071, t1071.001, t1077, t1078, t1078.001, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tpot, tpotce, voip, voip attack, vpn, web application attack, web attack, web exploitation, web spam, web traffic

Activity Timeline: 1 total observation (Mar 12 to Mar 12)

Threat Activity Heatmap (daily observations, Jun to Jun; peak: 2026-03-12)
Recent observations
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 94 (High Risk)
Signal Score: 94 · Confidence: 94% · Reports: 10
First seen: Feb 16, 2023 · Last seen: Mar 12, 2026
Geolocation: DE (Germany), Zagreb, BE
ASN: AS212238 · Org: Falco IPR B.V.
Coords: 52.5155, 13.4059
Category: VPN

VirusTotal: Not checked

WHOIS

description
2025-02-03T02:57:14.239Z Honeypot : Tanner : Source: 85.203.20.73 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': '55b17ba4-01df-4e74-8db5-5a19496eb4ce'}}}

raw
inetnum: 85.203.20.0 - 85.203.20.255
netname: EXPRES-85-203-20-0
country: HR
geoloc: 45.8112477 15.9812402
admin-c: JVV19-RIPE
tech-c: JVV19-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2022-11-10T13:12:18Z
last-modified: 2022-11-10T13:12:18Z
source: RIPE

person: Jeroen van veen
address: Falco IPR B.V.
address: De Hoefsmid 11-13
address: 1851 PZ Heiloo
address: The Netherlands
phone: +31 72 532 3744
nic-hdl: JVV19-RIPE
created: 2002-09-16T13:46:49Z
last-modified: 2018-05-01T12:11:21Z
source: RIPE # Filtered
mnt-by: MNT-FALCO

route: 85.203.20.0/24
origin: AS212238
mnt-by: PREFIXBROKER-MNT
created: 2024-06-18T08:24:31Z
last-modified: 2024-06-18T08:24:31Z
source: RIPE

references
https://github.com/telekom-security/tpotce

IOC Journey
Confidence: medium
First detected 3 years ago · Last seen 3 months ago
Appeared in 10 threat reports