IOC Radar
IPHighVerifiedSignal 49/100

158.173.240.154

Location
SerbiaSerbia
Belgrade, Central Serbia
ASN
AS9009
VPN Consumer Belgrade, Serbia
First Seen
Apr 24, 2026
Last Seen
Jun 21, 2026
Apr 24
First Seen
59d ago
Jun 21
Last Seen
yesterday
4
Reports
source reports
49%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryRSSerbia
RegionBelgrade, Central Serbia
ASNAS9009
OrganizationVPN Consumer Belgrade, Serbia

Feed Intelligence Summary

4 reports49% confidence
4
Source reports
49%
Confidence score
Category tags
active scanbrute forcecredential harvestingcredential stuffingcredential-harvestingenv-huntingexploitation activityhackingidentity & access exploitationnetworknginxproxyresearchedscannerserbiathreat intelweb app attack

Activity Timeline

1 total obs
Jun 21Jun 21

Threat Activity Heatmap

· Peak: 2026-06-21
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
49
SIGNAL
Signal Score
49%
Confidence
4
Reports
First seenApr 24, 2026
Last seenJun 21, 2026
Verified IOC
GeolocationRS
CountrySerbia
LocationBelgrade, Central Serbia
ASNAS9009
OrgVPN Consumer Belgrade, Serbia
Coords44.8125, 20.4612

VirusTotal

Not checked

WHOIS

description
Verified zero-day scanner targeting decentralized Nginx worker nodes
raw
inetnum: 158.173.240.0 - 158.173.240.255 netname: BELGRADE-RS-158-173-240-0 country: RS geoloc: 44.8119871 20.4560292 geofeed: https://www.prefixbroker.com/prefixbroker-geofeed.csv org: ORG-VCBS3-RIPE admin-c: VCAR3-RIPE tech-c: VCAR3-RIPE status: LEGACY mnt-by: PREFIXBROKER-MNT created: 2026-03-18T10:47:43Z last-modified: 2026-03-18T10:47:43Z source: RIPE organisation: ORG-VCBS3-RIPE org-name: VPN Consumer Belgrade, Serbia org-type: OTHER address: Belgrade, Serbia country: RS abuse-c: VCAR3-RIPE mnt-ref: PREFIXBROKER-MNT mnt-by: PREFIXBROKER-MNT created: 2025-01-13T08:48:32Z last-modified: 2025-01-13T08:48:32Z source: RIPE # Filtered role: VPN Consumer Abuse Role address: AZ Business Center address: Avenida Perez Chitre address: Panama, 00395 address: Republica de Panama nic-hdl: VCAR3-RIPE abuse-mailbox: [email protected] mnt-by: PREFIXBROKER-MNT created: 2023-11-22T08:33:27Z last-modified: 2023-11-22T08:33:27Z source: RIPE # Filtered route: 158.173.240.0/24 origin: AS9009 mnt-by: PREFIXBROKER-MNT created: 2026-03-18T10:47:43Z last-modified: 2026-03-18T10:47:43Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 month ago · Last seen 1 day ago
Appeared in 4 threat reports