IOC Radar
IP · Medium · Signal 76/100

178.220.234.5

Location: Serbia (Belgrade, Central Serbia)
ASN: AS8400 (x BALKAN TV DOO SREMSKA KAMENICA x)
First Seen: Oct 13, 2023 (988d ago)
Last Seen: Jun 8, 2026 (19d ago)
Reports: 12 source reports
Confidence: 76% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 76%
Signal Score: 76 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

37 techniques

Network Information

Country: Serbia (RS)
Region: Belgrade, Central Serbia
ASN: AS8400
Organization: x BALKAN TV DOO SREMSKA KAMENICA x

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 12
Confidence score: 76%
Category tags

Activity Timeline

1 total obs (Jun 8 to Jun 8)

Threat Activity Heatmap

[Heatmap: activity by weekday and month, Jun to Jun. Peak: 2026-06-08]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 76
Confidence: 76%
Reports: 12
First seen: Oct 13, 2023
Last seen: Jun 8, 2026
Geolocation: RS
Country: Serbia
Location: Belgrade, Central Serbia
ASN: AS8400
Org: x BALKAN TV DOO SREMSKA KAMENICA x
Coords: 44.8125, 20.4612
Proxy

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 8080 HTTP and PROXY. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 178.220.234.4 - 178.220.234.7
netname: BALKAN_KABLOVSKA_TV_NET
descr: Novi Sad-NOVI SAD-FUTOSKI PUT 51
country: RS
admin-c: AP29715-RIPE
tech-c: IV1931-RIPE
status: ASSIGNED PA
mnt-by: TELEKOM-MNT
created: 2022-11-17T15:06:57Z
last-modified: 2022-11-17T15:06:57Z
source: RIPE

person: Andrej Pap
address: Novi Sad-NOVI SAD-FUTOSKI PUT 51
address: novi Sad
phone: + 381 63 1064963
nic-hdl: AP29715-RIPE
mnt-by: TELEKOM-MNT
created: 2019-04-02T11:28:07Z
last-modified: 2019-04-02T11:28:07Z
source: RIPE # Filtered

person: Ivan Vinkesevic
address: Novi Sad-NOVI SAD-FUTOSKI PUT 51
address: novi Sad
phone: + 381 66 210128
nic-hdl: IV1931-RIPE
mnt-by: TELEKOM-MNT
created: 2019-04-02T11:30:19Z
last-modified: 2019-04-02T11:30:19Z
source: RIPE # Filtered

route: 178.220.0.0/15
origin: AS8400
mnt-by: AS8400-MNT
mnt-by: TELEKOM-MNT
created: 2022-08-17T20:35:27Z
last-modified: 2022-08-17T20:35:27Z
source: RIPE

IOC Journey

medium
First detected 2 years ago · Last seen 19 days ago
Appeared in 12 threat reports