IOC Radar
IP · Medium · Signal 100/100

146.185.239.33

Location: Madrid, Madrid, Spain
ASN: AS63023 (Cust88530 Network)
First seen: Mar 28, 2025 (443 days ago)
Last seen: Jun 7, 2026 (7 days ago)
Reports: 10 source reports
Confidence: 99% (tier: medium)

Found in 10 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: IPv4 address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 56 techniques (the T-numbered entries in the Category tags list below)

Network Information

Country: ES (Spain)
Region: Madrid, Madrid
ASN: AS63023
Organization: Cust88530 Network
IP Category: Hosting (hosting provider)

Feed Intelligence Summary

Source reports: 10 · Confidence score: 99%

Category tags:
access, active scan, active scanning, aerospace & defense, application layer protocol, apt, authentication attack, backdoor, bad reputation, big game hunting, big-game hunting, body, botnet, botnet activity, brute force, brute force attack, button, c2, cactus, cert, cisco secure, civil services, close, cobaltstrike, code execution, code injection, command & control, command and control, command execution, communication protocol, contact, credential access, credential brute forcing, credential harvesting, credential stuffing, data access, data copying, data encryption, data exfiltration, data extortion, data leak, data leak site, data store exposure, data transfer, ddos, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, distributed attacks, dll side, dll side-loading, dll sideloading, double extortion, encryption, europe, europe/asia, executable file, exploitation activity, extortion, find, footer, form, ftp, ftp brute force, gamaredon, gamaredon apt, geo, germany, github, government technology, gthost, gthost isp, http scanner, https, hyperhosting isp, identity & access exploitation, indicator, ingress tool transfer, initial access, injection activity, input validation bypass, interlock, iocs, iot security, link, lnk, lnk abuse, lnk file attack, lnk files, login attempts, main, malicious download, malicious powershell activity, malicious software, malware, malware campaign, malware distribution, metadata analysis, metasploit, military operations, national security, network, network attacks, network iocs, network probe, network probing, network protocol, network scanning, network security, network service scanning, open, password attacks, path traversal, phishing, phishing attack, phishing campaign, possible credential stuffing, possible malicious activity, powershell download, powershell downloader, process injection, protocol exploitation, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, reload, remcos trojan, remote access, remote access trojan, remote services, researched, russia, russian federation, russian threat actor, scanning activity, script, scripting attacks, service scan, small, smtp enumeration, social engineering, social media security, spain, span, spearphishing, ssh attack, star, system disruption, t1005, t1016, t1018, t1021, t1021.001, t1027, t1030, t1040, t1041, t1046, t1055, t1055.001, t1059, t1059.001, t1059.003, t1059.005, t1071.001, t1076, t1078, t1078.001, t1086, t1087, t1104, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1140, t1189, t1190, t1193, t1202, t1204, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1547, t1547.001, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1589, t1595, t1595.001, t1595.002, t1595.003, talos, tcp protocol, tcp scan, telnet threat, tetraloader, threat actor, threat spotlight, tor node, trojan malware, turkey, udp scan, ukr, ukraine, ukraine targeting, valid accounts, web application attack, web application exploitation, web traffic, worldwide secrets blog, write, zip file

Note: the tag cloud is aggregated across all 10 source reports, so it mixes campaign-specific labels (gamaredon, remcos trojan, cobaltstrike) with generic scanning labels, and several entries (body, button, footer, form, span, small, script, link, main, open, close, reload, write) are page-markup words rather than threat tags. Treat the list as noisy context, not as attribution for this address.

Activity Timeline

1 total observation (Jun 7)

Threat Activity Heatmap (weekly grid, Jun 2025 to Jun 2026) · Peak: 2026-06-07
Activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 100 (High Risk)
Signal Score: 100 · Confidence: 99% · Reports: 10
First seen: Mar 28, 2025 · Last seen: Jun 7, 2026
Geolocation: ES, Spain, Madrid, Madrid (coords 40.4318, -3.6840)
ASN: AS63023 · Org: Cust88530 Network · Category: Hosting

VirusTotal: Not checked

WHOIS

Description: ip:port combination that is used for botnet Command&control (C&C)

Raw (RIPE objects):

inetnum:        146.185.239.0 - 146.185.239.255
netname:        cust88530-network
abuse-c:        ACRO55291-RIPE
country:        ES
admin-c:        VVV161-RIPE
tech-c:         VVV161-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-PINSUPPORT
created:        2024-10-11T08:44:11Z
last-modified:  2024-10-11T09:02:15Z
source:         RIPE

person:         Varnyan Valeriya Viktorovna
address:        b-r Semfiropolskij 30
address:        Moscow
address:        117452
address:        RUSSIAN FEDERATION
phone:          +79689509509
nic-hdl:        VVV161-RIPE
mnt-by:         MNT-PINSUPPORT
created:        2024-01-17T15:45:09Z
last-modified:  2024-01-17T15:45:09Z
source:         RIPE

route:          146.185.239.0/24
origin:         AS63023
mnt-by:         MNT-PINSUPPORT
created:        2024-10-11T08:44:11Z
last-modified:  2024-10-11T08:44:11Z
source:         RIPE

Note: the inetnum and route objects were both created on 2024-10-11, roughly five and a half months before the first sighting on Mar 28, 2025, and the registry contact (VVV161-RIPE) is located in Moscow although the page geolocates the address to Madrid. Both are worth recording when triaging the whole /24 rather than the single host.

References:
- https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
- uat-6382.txt
- pathwiper.txt
- toymaker.txt
- uat-5918.txt
- iocs_gamaredon_remcos.txt
- lotus-blossom-espionage-group.txt
- new-persistent-attacks-japan.txt
- online-marketplace-scams.txt
- new-tornet-backdoor-campaign.txt
- pathwiper (1).txt
- https://threatfox.abuse.ch/export/csv/recent/
- https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/?&web_view=true
- https://labs.inquest.net/iocdb

Export & API: STIX 2.1 Bundle · CSV Export · Permalink

IOC Journey (confidence tier: medium)

First detected 1 year ago · Last seen 7 days ago · Appeared in 10 threat reports