IOC Radar
IP · Medium · Signal 39/100

85.208.139.157

Location
Germany
Frankfurt am Main, VA
ASN
AS215540
Global Connectivity Solutions LLP
First Seen
Apr 7, 2025 (437d ago)
Last Seen
Apr 12, 2026 (68d ago)
Reports
17 source reports
Confidence
39% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

51 techniques

Network Information

Country: DE, Germany
Region: Frankfurt am Main, VA
ASN: AS215540
Organization: Global Connectivity Solutions LLP

Feed Intelligence Summary

17 source reports, 39% confidence score
Category tags

Activity Timeline

1 total obs, Apr 12 to Apr 12

Threat Activity Heatmap

Peak: 2026-04-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 17
First seen: Apr 7, 2025
Last seen: Apr 12, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, VA
ASN: AS215540
Org: Global Connectivity Solutions LLP
Coords: 39.0019, -77.4556

VirusTotal

Not checked

WHOIS

description
IPV4 hosts detected attempting to brute force SSH on private honeypot
raw
inetnum: 85.208.139.0 - 85.208.139.255
descr: HOST TELECOM LTD
netname: GCS_SER-NET
mnt-routes: MNT-NETERRA
mnt-domains: INETTECH-MNT
org: ORG-GCSL7-RIPE
country: DE
admin-c: EM14633-RIPE
tech-c: EM14633-RIPE
abuse-c: ACRO55365-RIPE
status: ASSIGNED PA
mnt-by: MNT-NETERRA
created: 2023-08-23T06:07:10Z
last-modified: 2024-12-29T17:09:44Z
source: RIPE

organisation: ORG-GCSL7-RIPE
descr: Global Connectivity Solutions
org-name: GLOBAL CONNECTIVITY SOLUTIONS LLP
country: GB
org-type: OTHER
address: Suite 310, 21 Hill Street, Haverfordwest, Pembrokeshire, SA61 1QQ
abuse-c: ACRO55365-RIPE
remarks: -----CONTACT-----
remarks: abuse: [email protected]
remarks: support: [email protected]
remarks: -------END-------
mnt-ref: GIRnet-mnt
remarks: -----CUSTOMERS-----
mnt-ref: AM-VDS
mnt-ref: INETTECH-MNT
mnt-ref: ru-avm-1-mnt
mnt-ref: ru-pev-1-mnt
mnt-ref: PROEKT-MNT
mnt-ref: proxy-six-mnt
mnt-ref: IPSMAIN
mnt-ref: IEAG
mnt-ref: MNT-DGTL
mnt-ref: MNT-INTERLAN
mnt-ref: AZERONLINE-MNT
mnt-ref: lir-ru-powernet-1-MNT
mnt-ref: lir-ru-llclorien-1-MNT
mnt-ref: ru-permtelecom-1-mnt
mnt-ref: DATAMAX-M
mnt-ref: IVC-MNT
mnt-ref: FREENET-MNT
mnt-ref: BG-MNT
mnt-ref: ru-quasar-1-mnt
mnt-ref: voldeta-mnt
mnt-ref: interlir-mnt
mnt-ref: mnt-ru-ipdenisova-1
mnt-ref: MNT-STRL
mnt-ref: MNT-GCX
mnt-ref: ROSNIIROS-MNT
mnt-ref: IPMAGNAT-MNT
mnt-ref: VPSVILLE-mnt
mnt-ref: lir-ae-royal-1-MNT
mnt-ref: MNT-NETERRA
mnt-ref: SVT-RIPE-MNT
mnt-ref: mnt-ru-am-1
mnt-ref: us-coreip-1-mnt
mnt-ref: mnt-bg-eurocrypt-1
mnt-ref: lir-ae-technology-1-MNT
mnt-ref: sc-rapidseedbox-1-mnt
mnt-ref: sistemaltd-mnt
mnt-ref: mnt-hr-maxko-1
mnt-ref: MNT-TIGRIS
remarks: --------END--------
mnt-by: GCS-MNT
created: 2024-01-25T10:49:19Z
last-modified: 2025-08-07T13:13:54Z
source: RIPE # Filtered

person: Global Connectivity Solutions
address: Suite 310, 21 Hill Street, Haverfordwest, Pembrokeshire, SA61 1QQ
remarks: -----CONTACT-----
remarks: -------END-------
phone: +44 117 409 0977
nic-hdl: EM14633-RIPE
mnt-by: GCS-MNT
created: 2024-01-25T10:42:56Z
last-modified: 2024-10-26T14:02:57Z
source: RIPE # Filtered

route: 85.208.139.0/24
origin: AS215540
mnt-by: MNT-NETERRA
created: 2024-11-29T03:48:32Z
last-modified: 2024-11-29T03:48:32Z
source: RIPE
references
https://redpiranha.net, https://jamesbrine.com.au/bruteforce-ip-list-2025-09-04/, https://jamesbrine.com.au, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 17 threat reports