IOC Radar
IPMediumSignal 22/100

185.213.193.194

Location
United StatesUnited States
Washington, District of Columbia
ASN
AS21859
Mullvad VPN AB
First Seen
Feb 19, 2025
Last Seen
May 9, 2026
Feb 19
First Seen
487d ago
May 9
Last Seen
44d ago
7
Reports
source reports
22%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
22%
Signal Score
22 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

25 techniques

Network Information

CountryUSUnited States
RegionWashington, District of Columbia
ASNAS21859
OrganizationMullvad VPN AB

IP Category

VPN
VPN exit node

Feed Intelligence Summary

7 reports22% confidence
7
Source reports
22%
Confidence score
Category tags
active scanactive scanningantispambotnetbotnet activitybrute forcebrute force attackcommand and controlcompromised credentialscredential accesscredential stuffingdata exfiltrationdata store exposureddosdenial of servicedistributed attacksencryptioneuropeexploitation activityexploited hostfortioshackingidentity & access exploitationindicatorinformation technologyinjection activityipsec vpnipv4it infrastructurelog4jmalicious activitymalicious softwaremalwaremobile threatnetherlandsnetworknetwork securitynorth americapassword attackpassword attacksprocess injectionreconnaissanceremote accessresearchedscannersoftware developmentspamssl vpnt1021t1021.001t1055t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1595t1595.001t1595.002t1595.003threat actortor nodeunited statesunited states of americausvpnvpn ipweb app attackweb application attackweb exploitation

Activity Timeline

1 total obs
May 9May 9

Threat Activity Heatmap

· Peak: 2026-05-09
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
22
SIGNAL
Signal Score
22%
Confidence
7
Reports
First seenFeb 19, 2025
Last seenMay 9, 2026
GeolocationUS
CountryUnited States
LocationWashington, District of Columbia
ASNAS21859
OrgMullvad VPN AB
Coords52.3824, 4.8995
VPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 185.213.193.128 - 185.213.193.255 netname: MULLVA-185-213-193-128 country: US geoloc: 38.893716 -77.0969757 geofeed: https://www.prefixbroker.com/prefixbroker-geofeed.csv org: ORG-MVA42-RIPE admin-c: MVAA21-RIPE tech-c: MVAA21-RIPE status: ASSIGNED PA mnt-by: PREFIXBROKER-MNT created: 2024-12-12T09:28:50Z last-modified: 2024-12-12T09:28:50Z source: RIPE organisation: ORG-MVA42-RIPE org-name: Mullvad VPN AB org-type: OTHER address: Box 53049 address: SE-40014 Gothenburg address: Sweden abuse-c: MVAA21-RIPE mnt-ref: PREFIXBROKER-MNT mnt-by: PREFIXBROKER-MNT created: 2024-12-12T09:28:46Z last-modified: 2024-12-12T09:28:46Z source: RIPE # Filtered role: Mullvad VPN AB abuse handling address: Box 53049 address: SE-40014 Gothenburg address: Sweden nic-hdl: MVAA21-RIPE mnt-by: PREFIXBROKER-MNT created: 2024-12-12T09:28:46Z last-modified: 2024-12-12T09:28:46Z source: RIPE # Filtered abuse-mailbox: [email protected] route: 185.213.193.0/24 origin: AS21859 mnt-by: PREFIXBROKER-MNT created: 2024-12-12T09:28:50Z last-modified: 2024-12-12T09:28:50Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 7 threat reports