IOC Radar
IP · Medium · Signal 96/100

91.89.43.18

Location
Germany
Reutlingen, Baden-Wurttemberg
ASN
AS3209
Vodafone BW GmbH
First Seen
Oct 28, 2024 (594d ago)
Last Seen
May 20, 2026 (25d ago)
Reports
10 source reports
Confidence
96% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
96%
Signal Score
96 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: DE (Germany)
Region: Reutlingen, Baden-Wurttemberg
ASN: AS3209
Organization: Vodafone BW GmbH

IP Category

VPN
VPN exit node

Feed Intelligence Summary

10 source reports · 96% confidence score
Category tags
active scan, active scanning, anonymity service, anonymization network, anonymization network traffic, anonymization networks, anonymization services, anonymous proxy network, anonymous_proxy, application layer protocol, attack, attack infrastructure, attack-vector:brute-force, attack-vector:port-scan, authentication attempts, automated network attacks, brute force, brute force attack, brute force attacks, brute_force, brute_force_attack, communication protocol, credential access, credential attack, credential harvesting, credential stuffing, credential_attack, credential_guessing, data encryption, ddos, denial of service, encryption, enumeration activity, europe, event-type:credential-access, event-type:initial-access, event-type:reconnaissance, exploitation activity, external threat, failed login attempts, finland, france, ftp, ftp brute force, ftp_brute_force, germany, honeynet connect, http brute force, http scanner, http/s, http_https, https, i2p network, identity & access exploitation, indicator, indicators of compromise, indicators_of_compromise, information technology, initial access, initial_access, ioc, it infrastructure, lateral movement, login attempt, malicious activity, malicious_activity, malicious_ip_activity, malware, network, network attacks, network enumeration, network intrusion, network intrusion attempt, network probing, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, network_enumeration, network_reconnaissance, north america, password attack, password attacks, phishing, phishing attack, poland, protocol exploitation, protocol:ftp, protocol:http, protocol:https, protocol:rdp, protocol:smtp, protocol:ssh, protocol:telnet, proxy, proxy network, proxy server, proxy servers, ransomware, rdp_brute_force, reconnaissance, reconnaissance activity, remote access, remote services, researched, scanner, scanning activity, security operations, security_event, service discovery, service scan, service scanning, smtp, smtp brute force, social engineering, software development, ssh attack, ssh_brute_force, suspected malicious activity, t1016, t1021, t1021.001, t1021.002, t1040, t1046, t1059, t1071, t1071.001, t1076, t1077, t1078, t1090, t1090 - proxy, t1090.002, t1090.003, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1499.002, t1499.003, t1563, t1566.001, t1566.002, t1566.003, t1583, t1589.002, t1590, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp scan, tcp scanning, telnet threat, threat actor, threat intelligence, threat-actor:unattributed, threat_actor_activity, threat_indicator, threat_intelligence, tor, tor network, tor node, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unidentified threat actor, united states, unknown threat actor, vpn, vpn network, vpn service, vulnerability scan, web traffic

Activity Timeline

1 total obs
May 20

Threat Activity Heatmap

Peak: 2026-05-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 96
Confidence: 96%
Reports: 10
First seen: Oct 28, 2024
Last seen: May 20, 2026
Geolocation: DE
Country: Germany
Location: Reutlingen, Baden-Wurttemberg
ASN: AS3209
Org: Vodafone BW GmbH
Coords: 48.4785, 9.1901
VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 3/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 91.89.0.0 - 91.89.127.255
netname: KABELBW-03
descr: Vodafone BW GmbH
country: DE
admin-c: UMAC-RIPE
tech-c: UMTC-RIPE
status: ASSIGNED PA
mnt-by: UNITYMEDIA-MNT
mnt-by: KABELBW-MNT
created: 2006-08-02T07:51:38Z
last-modified: 2022-01-13T22:15:13Z
source: RIPE

role: Unitymedia Administration
address: Vodafone West GmbH
address: Ferdinand-Braun-Platz 1
address: 40549 Düsseldorf
address: GERMANY
admin-c: MH3982-RIPE
admin-c: HZ1532-RIPE
tech-c: UMTC-RIPE
nic-hdl: UMAC-RIPE
mnt-by: UNITYMEDIA-MNT
mnt-by: KabelBW-MNT
created: 2009-07-10T11:13:10Z
last-modified: 2023-01-12T14:56:28Z
source: RIPE # Filtered

role: Unitymedia Technical Contact
address: Vodafone West GmbH
address: Ferdinand-Braun-Platz 1
address: 40549 Düsseldorf
address: GERMANY
admin-c: UMAC-RIPE
admin-c: UMAB-RIPE
tech-c: MH3982-RIPE
tech-c: HZ1532-RIPE
nic-hdl: UMTC-RIPE
mnt-by: UNITYMEDIA-MNT
mnt-by: KabelBW-MNT
created: 2009-07-10T11:13:10Z
last-modified: 2023-01-12T14:57:31Z
source: RIPE # Filtered

route: 91.89.0.0/17
descr: KabelBW
origin: AS29562
mnt-by: KabelBW-MNT
created: 2013-05-28T12:31:08Z
last-modified: 2013-05-28T12:31:08Z
source: RIPE

route: 91.89.0.0/17
descr: Vodafone West
origin: AS3209
mnt-by: UNITYMEDIA-MNT
created: 2021-03-08T22:11:54Z
last-modified: 2021-03-08T22:11:54Z
source: RIPE

IOC Journey

medium
First detected 1 year ago · Last seen 25 days ago
Appeared in 10 threat reports