IP · Medium · Signal 24/100
185.193.88.229
Location
Kharkiv, Kharkivs’ka Oblast’
ASN
AS210848
FOP Grushko Olena Mikolaivna
First Seen
Apr 7, 2025
Last Seen
Apr 7, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
24%
Signal Score
24 / 100
IDS Rule
No
Network Information
Country
Ukraine
Region
Kharkiv, Kharkivs’ka Oblast’
ASN
AS210848
Organization
FOP Grushko Olena Mikolaivna
IP Category
VPN
VPN exit node
Feed Intelligence Summary
7
Source reports
24%
Confidence score
Category tags
abuse, access control, active scan, active scanning, africa, alienvault_ransomware, attack, authentication, authentication attack, authentication attacks, authentication brute force, authentication bypass, authentication failure, automated brute force, bad reputation, belgium, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, civil services, command and control, compromise attempt, count, credential access, credential stuffing, data exfiltration, data store exposure, decoy system, distributed attacks, dmytro nedilskyi, e-rishennya, encryption, europe, europe/asia, exploitation, exploitation activity, failed authentication, fdn3, ftp brute force, geo-distributed attack, government technology, guy bruneau, http brute force, identity & access exploitation, indicator, information technology, injection activity, internet storm, ipv4, ipv4 address, ipv4 address abuse, ipv4 addresses, it infrastructure, lateral movement, login attack, login brute force, login bruting, malicious activity, malicious login, malicious software, malware, multi-geo location attack, multi-location attack, multiple failed logins, multiple geo locations, multiple geo-locations, multiple ip addresses, multiple ips, multiple locations, netherlands, network, network access, network infrastructure attack, network infrastructure scanning, network intrusion, network intrusion attempt, network perimeter, network reconnaissance, network scanning, network security, password attack, password attacks, password cracking, password spraying, phishing, potential intrusions, process injection, public administration, public infrastructure, public policy, random username, random usernames, ransomware, reconnaissance, regulatory agencies, remote access, remote access abuse, remote services, researched, russia, russian federation, scanner, scanning activity, security operations, seychelles, smtp brute force, software development, south africa, ssh attack, ssl vpn, storm center, strong, syn scan,
t1021.001, t1021.004, t1046, t1055, t1059, t1059.004, t1068, t1071.001, t1076, t1078, t1078.001, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.002, t1499.003, t1550, t1550.002, t1550.003, t1555, t1555.003, t1563, t1565, t1583.003, t1583.006, t1584.004, t1586, t1586.001, t1588, t1588.001, t1588.004, t1589, t1589.002, t1595, t1595.001, t1595.002, t1595.003,
tcp scan, threat actor, threat intelligence, tor node, twitter, udp scan, ukraine, ukrainian networks, ukrainian threat actors, unauthorized access, unauthorized access attempts, unauthorized login, unauthorized login attempts, unknown credentials, unknown passwords, unknown usernames, vaiz, vpn, vpn access, vpn security, vulnerability, vulnerability scan, web scanner
Activity Timeline: Apr 7 to Apr 7
Threat Activity Heatmap (peak: 2026-04-07)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This indicator of compromise (IOC), an IPv4 address, has a low-risk score of 23.56, indicating that it does not currently pose a high immediate threat. While associated with activities such as brute-force attempts, password spraying, and scanning for vulnerabilities like CVE-2021-20016, these actions represent early-stage reconnaissance rather than active compromise. Mere inclusion in threat intelligence feeds does not by itself indicate hostile behavior or a direct breach. The identified activi…
Threat Score: Low Risk
Signal Score: 24
Confidence: 24%
Reports: 7
First seen: Apr 7, 2025
Last seen: Apr 7, 2026
Geolocation: UA
Country: Ukraine
Location: Kharkiv, Kharkivs’ka Oblast’
ASN: AS210848
Org: FOP Grushko Olena Mikolaivna
Coords: 55.7386, 37.6068
VPN
VirusTotal
Not checked
WHOIS
- description
- CC=NL ASN=ASNone
- references
- https://isc.sans.edu/diary/rss/31952, 2025-05-02-SSL-VPN-malicious-login-attempts.csv, 2025-05-01-SSL-VPN-malicious-login-attempts.csv, 2025-04-30-SSL-VPN-malicious-login-attempts.csv, 2025-04-25-SSL-VPN-malicious-login-attempts.csv, 2025-04-24-SSL-VPN-malicious-login-attempts.csv, 2025-04-23-SSL-VPN-malicious-login-attempts.csv, 2025-04-22-SSL-VPN-malicious-login-attempts.csv, 2025-04-18-SSL-VPN-malicious-login-attempts.csv, 2025-04-17-SSL-VPN-malicious-login-attempts.csv, 2025-04-16-SSL-VPN-malicious-login-attempts.csv, 2025-04-14-SSL-VPN-malicious-login-attempts.csv, 2025-04-11-SSL-VPN-malicious-login-attempts.csv, 2025-04-10-SSL-VPN-malicious-login-attempts.csv, 2025-04-09-SSL-VPN-malicious-login-attempts.csv, 2025-04-08-SSL-VPN-malicious-login-attempts.csv
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 7 threat reports