IP · Medium · Signal 39/100
185.150.28.13
Location
Schenkon, Lucerne
ASN
AS59891
Fsit AG
First Seen
Feb 13, 2025
Last Seen
Jun 3, 2026
Found in 27 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Switzerland
Region
Schenkon, Lucerne
ASN
AS59891
Organization
Fsit AG
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
27 reports · 39% confidence
27
Source reports
39%
Confidence score
Category tags
Activity Timeline
Jun 3
Threat Activity Heatmap
Peak: 2026-06-03
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Low Risk
39
SIGNAL
Signal Score
39%
Confidence
27
Reports
First seen
Feb 13, 2025
Last seen
Jun 3, 2026
Geolocation
CH
Country
Switzerland
Location
Schenkon, Lucerne
ASN
AS59891
Org
Fsit AG
Coords
47.1841, 8.1116
Proxy
VPN
VirusTotal
Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- inetnum: 185.150.28.0 - 185.150.28.255
  netname: FSIT-AG-185-150-28-0
  country: CH
  admin-c: FARA1-RIPE
  tech-c: FAIO1-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-FSIT
  created: 2018-05-14T21:28:23Z
  last-modified: 2025-07-02T12:33:23Z
  source: RIPE
  mnt-routes: MNT-FSIT

  role: FSIT AG IT Operation
  address: Grenzstrasse 3b
  address: 6214 Schenkon
  address: Switzerland
  remarks: ******************************************************
  remarks: For spam/abuse, please contact [email protected]
  remarks: E-mails to the persons below will be IGNORED!
  remarks: ******************************************************
  abuse-mailbox: [email protected]
  admin-c: FARA23-RIPE
  tech-c: FARA23-RIPE
  nic-hdl: FAIO1-RIPE
  mnt-by: MNT-FSIT
  created: 2013-08-10T16:17:19Z
  last-modified: 2024-11-15T07:28:10Z
  source: RIPE # Filtered

  role: FSIT AG RIPE Admin
  address: Grenzstrasse 3b
  address: 6214 Schenkon
  address: Switzerland
  remarks: ******************************************************
  remarks: For spam/abuse, please contact [email protected]
  remarks: E-mails to the persons below will be IGNORED!
  remarks: ******************************************************
  abuse-mailbox: [email protected]
  admin-c: FARA23-RIPE
  tech-c: FARA23-RIPE
  tech-c: FAIO1-RIPE
  nic-hdl: FARA1-RIPE
  mnt-by: MNT-FSIT
  created: 2013-08-10T16:12:38Z
  last-modified: 2024-11-15T07:29:11Z
  source: RIPE # Filtered

  route: 185.150.28.0/24
  descr: Routing by FSIT AG - Hosted Services
  origin: AS59891
  mnt-by: MNT-FSIT
  created: 2018-03-20T20:45:48Z
  last-modified: 2018-03-20T20:45:48Z
  source: RIPE
- references
- https://check.torproject.org/torbulkexitlist
IOC Journey
Medium · First detected 1 year ago · Last seen 13 days ago
Appeared in 27 threat reports