IOC Radar
IP · Medium · Signal 27/100

130.195.221.172

Location: Finland (Tammisto, Uusimaa)
ASN: AS9009 (M247 Europe SRL)
First Seen: Jan 23, 2025 (507d ago)
Last Seen: May 31, 2026 (14d ago)
Reports: 18 source reports
Confidence: 27% (medium)
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 27%
Signal Score: 27 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

Country: FI (Finland)
Region: Tammisto, Uusimaa
ASN: AS9009
Organization: M247 Europe SRL

IP Category

VPN
VPN exit node

Feed Intelligence Summary

18 source reports · 27% confidence score
Category tags
abuseaccess controlactive scanactive scanningantispamapacheapache attackerattackbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute-forcecommand and controlcommunication protocolcompromised credentialscowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposureddosdecoy systemdenial of servicedistributed attackseuropeexploit probingexploitation activityfifinlandftp brute forcehackingidentity & access exploitationinformation technologyinjection activityit infrastructurelog4jmailoney email attacksmailoney honeypotmalicious activitymalicious python scriptsmalicious softwaremalwaremalware hostingnetworknetwork intrusion attemptsnetwork scanningnetwork securitynew zealandoceaniapassword attacksphishingphishing attackphishing trapprocess injectionproxyreconnaissanceresearchedresource hijackingscannersecurity policysentrypeer attackssentrypeer botnetsftp access attemptsftp attacksip attackssip brute forcesocial engineeringsoftware developmentspamssh attackssh monitoringt1021t1040t1041t1053t1055t1059t1068t1071.001t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1589t1590t1595t1595.001t1595.002t1595.003tannertelecommunicationsthreat actorthreat preventiontor nodevoipvoip attackvpnweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
May 31

Threat Activity Heatmap

[Heatmap: daily activity by month, Jun through Jun, scale Less to More] · Peak: 2026-05-31
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 27
Confidence: 27%
Reports: 18
First seen: Jan 23, 2025
Last seen: May 31, 2026
Geolocation: FI
Country: Finland
Location: Tammisto, Uusimaa
ASN: AS9009
Org: M247 Europe SRL
Coords: -41.0000, 174.0000
VPN

VirusTotal

Not checked

WHOIS

description
2025-03-04T07:29:17.534Z Honeypot : Tanner : Source: 130.195.221.172 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': 'a0e626ff-3357-4ee4-bf9b-73a6fa97395e'}}}
raw
inetnum: 130.195.221.0 - 130.195.221.255
netname: M247-Helsinki
descr: M247 Europe - Helsinki Infrastructure
org: ORG-MES68-RIPE
geoloc: 60.2047672 24.6568435
status: LEGACY
remarks: Geofeed found at https://geoip.m247.ro/geofeeds.csv
country: FI
admin-c: ME5262-RIPE
tech-c: ME5262-RIPE
mnt-by: GLOBALAXS-MNT
remarks: -------------- LEGAL CONCERNS --------------
remarks: For any legal requests, please send an email
remarks: to [email protected] for a maximum 48hours response.
remarks: -------------- LEGAL CONCERNS --------------
created: 2024-10-11T13:58:44Z
last-modified: 2024-10-11T13:58:44Z
source: RIPE

organisation: ORG-MES68-RIPE
org-name: M247 Europe SRL
org-type: Other
address: Sinimaentie 8
address: 02630, Espoo
address: Finlanda
abuse-c: ME5262-RIPE
mnt-ref: GLOBALAXS-MNT
mnt-by: GLOBALAXS-MNT
created: 2024-10-11T13:38:01Z
last-modified: 2024-10-11T13:38:01Z
source: RIPE # Filtered

role: M247 Europe
address: Sos. Fabrica de Glucoza, Nr 11B
address: etaj 1, Sector 2, Bucuresti Romania
admin-c: PP13161-RIPE
tech-c: MP26073-RIPE
abuse-mailbox: [email protected]
nic-hdl: ME5262-RIPE
mnt-by: M247-EU-MNT
created: 2014-01-13T12:11:34Z
last-modified: 2014-12-08T16:22:40Z
source: RIPE # Filtered

route: 130.195.221.0/24
origin: AS9009
descr: M247 Europe Infra
mnt-by: GLOBALAXS-MNT
created: 2024-10-11T13:58:44Z
last-modified: 2024-10-11T13:58:44Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 18 threat reports