IOC Radar
IP · Medium · Signal 74/100

91.99.2.104

Location: Germany (Falkenstein, Saxony)
ASN: AS24940 (Hetzner)
First Seen: Apr 7, 2025 (430d ago)
Last Seen: Feb 14, 2026 (117d ago)
Reports: 13 source reports
Confidence: 74% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

28 techniques

Network Information

Country: DE (Germany)
Region: Falkenstein, Saxony
ASN: AS24940
Organization: Hetzner

Feed Intelligence Summary

Source reports: 13
Confidence score: 74%
Category tags
abuse · active scanning · attack · australia · authentication · authentication abuse · botnet · brute force · brute force attack · brute force attempt · brute force attempts · command and control · communication protocol · cowrie honeypot · credential access · credential stuffing · data exfiltration · decoy system · distributed attacks · europe · germany · indicator · ipv4 · iran, islamic republic of · malicious activity · malicious payload · malicious software · malware · network · network port scanning · network probing · network reconnaissance · network scanning · network security · network service scanning · oceania · password attacks · potential threat actor · process injection · reconnaissance · remote access · remote service exploitation · researched · scan · scanner · scanning activity · sftp attack · sip scanning · ssh attack · ssh monitoring · ssh scanning · t1018 · t1021.004 · t1040 · t1041 · t1046 · t1055 · t1059 · t1059.004 · t1071.001 · t1078 · t1083 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1190 · t1486 · t1496 · t1499.002 · t1499.003 · t1565 · t1589 · t1592 · t1595 · t1595.001 · t1595.002 · t1595.003 · telecommunications · threat actor · threat intelligence · unauthorized access · voip

Activity Timeline

1 total obs
Feb 14 - Feb 14

Threat Activity Heatmap

Peak: 2026-02-14
[Heatmap: activity by weekday (Mon, Wed, Fri) and month, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 74
Confidence: 74%
Reports: 13
First seen: Apr 7, 2025
Last seen: Feb 14, 2026
Geolocation: DE
Country: Germany
Location: Falkenstein, Saxony
ASN: AS24940
Org: Hetzner
Coords: 35.6980, 51.4115

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
raw

inetnum: 91.99.0.0 - 91.99.15.255
netname: CLOUD-FSN1
remarks: INFRA-AW
country: DE
org: ORG-HOA1-RIPE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
created: 2025-05-19T08:29:37Z
last-modified: 2025-05-19T08:29:37Z
source: RIPE

organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2022-11-22T18:32:44Z
source: RIPE # Filtered

role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: [email protected]
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * [email protected], or fill out the form at *
remarks: * abuse.hetzner.com, thank you. *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: * Any questions on Peering please send to *
remarks: * [email protected] *
remarks: *************************************************
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
tech-c: DD15478-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2022-11-22T18:33:55Z
source: RIPE # Filtered

route: 91.99.0.0/16
descr: HETZNER-DC
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
created: 2025-01-13T14:50:26Z
last-modified: 2025-01-13T14:50:26Z
source: RIPE

references
https://redpiranha.net, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 13 threat reports