IOC Radar
IP · Medium · Signal 83/100

85.215.201.250

Location: Germany, Berlin, State of Berlin
ASN: AS8560 (Strato AG)
First Seen: Apr 24, 2026 (63d ago)
Last Seen: Jun 9, 2026 (17d ago)
Reports: 14 source reports
Confidence: 83% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 83%
Signal Score: 83 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

2 techniques

Network Information

Country: DE (Germany)
Region: Berlin, State of Berlin
ASN: AS8560
Organization: Strato AG

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 14
Confidence score: 83%
Category tags
abuse, active scan, attack, bad reputation, bad web bot, blocklist, botnet, botnet activity, brute force, brute force attacker, brute-force, bruteforce, cowrie, ddos, ddos attack, de, dhcp, digital ocean, dionaea, elasticsearch, europe, exploitation activity, exploited host, fatt, ftp, ftp brute-force, germany, hacking, imap, indicator, iot security, iot targeted, kill-chain exploitation, kill-chain reconnaissance, ldap, low-risk, mssql, network, ntp, open proxy, oracle, osint, p0f, ping of death, portscan, postgres, proxy, redis, researched, scan, scanner, scanners, sensor-tagged, service scan, smb, snmp, socks5, spam, ssh, t-pot, t1110.001, t1595.001, tanner, targeting database, telnet, threat actor, tor node, tpot, vnc, vultr, web app attack, web spam

Activity Timeline

1 total obs
Jun 9

Threat Activity Heatmap

Peak: 2026-06-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 83
Confidence: 83%
Reports: 14
First seen: Apr 24, 2026
Last seen: Jun 9, 2026
Geolocation: DE
Country: Germany
Location: Berlin, State of Berlin
ASN: AS8560
Org: Strato AG
Coords: 51.2993, 9.4910
Proxy

VirusTotal

Not checked

WHOIS

description
every host is banned for 3 hours and receives an abuse report from me every 96 hours if it continues
raw
inetnum: 85.215.200.0 - 85.215.203.255
netname: de-ber-ionos-cloud-txl
descr: IONOS SE
country: DE
admin-c: IPAD-RIPE
tech-c: IPOP-RIPE
status: ASSIGNED PA
mnt-by: AS8560-MNT
created: 2024-11-21T17:03:30Z
last-modified: 2025-06-03T16:17:36Z
source: RIPE

role: IP Administration
address: IONOS SE
admin-c: SH15342-RIPE
tech-c: SH15342-RIPE
mnt-ref: AS8560-MNT
nic-hdl: IPAD-RIPE
abuse-mailbox: [email protected]
mnt-by: AS8560-MNT
created: 2009-05-20T17:24:09Z
last-modified: 2025-09-26T12:26:46Z
source: RIPE # Filtered

role: IP Operations
address: IONOS SE
admin-c: SH15342-RIPE
tech-c: SH15342-RIPE
mnt-ref: AS8560-MNT
nic-hdl: IPOP-RIPE
abuse-mailbox: [email protected]
mnt-by: AS8560-MNT
created: 2009-05-28T16:25:04Z
last-modified: 2025-09-26T12:26:44Z
source: RIPE # Filtered

route: 85.215.128.0/17
descr: IONOS SE ber.de
origin: AS8560
mnt-by: AS8560-MNT
created: 2024-02-01T10:20:15Z
last-modified: 2024-02-01T10:20:15Z
source: RIPE # Filtered

IOC Journey

medium
First detected 2 months ago · Last seen 17 days ago
Appeared in 14 threat reports