IOC Radar
IP · Medium · Signal 63/100

185.158.248.198

Location: Romania (Bucharest, București)
ASN: AS9009 (servinga GmbH)
First Seen: Feb 5, 2025 (495d ago)
Last Seen: Jun 7, 2026 (8d ago)
Reports: 9 source reports
Confidence: 63% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

28 techniques

Network Information

Country: RO (Romania)
Region: Bucharest, București
ASN: AS9009
Organization: servinga GmbH

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 9
Confidence score: 63%
Category tags
active scan, apt, botnet, botnet activity, brute force, c2 ip, central asia, cert, civil services, command & control, command and control, credential harvesting, credential stuffing, crypto cyber, cryptocurrency, cyber threat, cyber-espionage, data exfiltration, data store exposure, defence, distributed attacks, domains, europe, exploitation activity, government targets, government technology, hatvibe, identity & access exploitation, infrastructure acquisitionreconnaissance, injection activity, it infrastructure, logpie, malicious software, malware, manual, network, phishing, phishing attack, process injection, proxy, public administration, public infrastructure, public policy, python, rat, regulatory agencies, remote access trojan, researched, ro, romania, social engineering, software development, t1003, t1003.001, t1027, t1047, t1053.005, t1055, t1059.005, t1071, t1071.001, t1082, t1105, t1189, t1190, t1204.002, t1486, t1496, t1499.002, t1499.003, t1547.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1587.001, t1590.001, threat actor, time, tor node, turkey, ukraine, vpn, weaponized documents

Activity Timeline

1 total obs (Jun 7 to Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
[Heatmap: daily activity by weekday, Jun to Jun; scale Less to More]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 9
First seen: Feb 5, 2025
Last seen: Jun 7, 2026
Geolocation: RO
Country: Romania
Location: Bucharest, București
ASN: AS9009
Org: servinga GmbH
Coords: 44.4268, 26.1025
VPN

VirusTotal

Not checked

WHOIS

description
CC=RO ASN=AS9009 M247 Europe SRL
raw
inetnum: 185.158.248.0 - 185.158.248.255
netname: RO-SERVINGA-20160711
country: RO
geoloc: 44.45120379999999 26.133890000000065
org: ORG-SG288-RIPE
admin-c: CL8090-RIPE
tech-c: CL8090-RIPE
status: ASSIGNED PA
mnt-by: MNT-CHRISL
mnt-by: MNT-SERVINGA
created: 2016-07-11T13:19:44Z
last-modified: 2024-12-11T23:20:51Z
source: RIPE

organisation: ORG-SG288-RIPE
org-name: servinga GmbH
country: DE
org-type: LIR
address: Ruesselsheimer Str. 22
address: 60326
address: Frankfurt
address: GERMANY
phone: +49 69 348 75 11 0
admin-c: CL8090-RIPE
tech-c: CL8090-RIPE
abuse-c: AR46579-RIPE
mnt-ref: MNT-SERVINGA
mnt-ref: MNT-CHRISL
mnt-ref: mnt-de-fraconnect-1
mnt-ref: MEER-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-SERVINGA
created: 2018-05-22T14:05:29Z
last-modified: 2023-01-09T12:24:22Z
source: RIPE # Filtered

person: Christian Lertes
remarks: servinga GmbH
address: Ruesselsheimer Str. 22
address: 60326
address: Frankfurt
address: GERMANY
phone: +49 69 348 75 11 0
nic-hdl: CL8090-RIPE
mnt-by: MNT-SERVINGA
created: 2018-05-22T14:05:28Z
last-modified: 2020-10-05T14:14:53Z
source: RIPE

route: 185.158.248.0/24
origin: AS9009
mnt-by: MNT-CHRISL
mnt-by: MNT-RACKPLACE
created: 2016-07-11T13:46:53Z
last-modified: 2016-07-11T13:46:53Z
source: RIPE
references
https://www.bitdefender.com/en-us/blog/businessinsights/uac-0063-cyber-espionage-operation-expanding-from-central-asia
https://cert.gov.ua/article/6280129
https://cert.gov.ua/article/6280099

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 9 threat reports