IOC Radar
IP · Medium · Signal 58/100

185.254.75.38

Location: Germany (Düsseldorf, North Rhine-Westphalia)
ASN: AS43357 (Mullvad VPN AB)
First Seen: May 19, 2021 (1860d ago)
Last Seen: Jun 17, 2026 (5d ago)
Reports: 13 source reports
Confidence: 58% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

Country: DE (Germany)
Region: Düsseldorf, North Rhine-Westphalia
ASN: AS43357
Organization: Mullvad VPN AB

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 13
Confidence score: 58%
Category tags
abuse, access control, active scan, active scanning, attack, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute-force, command and control, communication protocol, cowrie honeypot, credential access, credential stuffing, darkforums, data exfiltration, data store exposed, ddos, de, decoy system, denial of service, dionaea honeypot, distributed attacks, europe, exploitation activity, ftp, germany, hacking, identity & access exploitation, information technology, initial access, injection activity, it infrastructure, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network intrusion attempts, network scanning, network security, password attacks, process injection, proxy, reconnaissance, researched, resource hijacking, scanner, security policy, sentrypeer botnet, sftp attack, sip attacks, software development, ssh, ssh attack, ssh monitoring, t1021, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1583, t1583.001, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat intelligence, threat prevention, tor node, voip, voip attack, vpn, vpn ip, web app attack, web application attack, web exploitation

Activity Timeline

1 total obs (Jun 17)

Threat Activity Heatmap

Peak: 2026-06-17
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 13
First seen: May 19, 2021
Last seen: Jun 17, 2026
Geolocation: DE
Country: Germany
Location: Düsseldorf, North Rhine-Westphalia
ASN: AS43357
Org: Mullvad VPN AB
Coords: 51.2277, 6.7735
VPN

VirusTotal

Not checked

WHOIS

inetnum: 185.254.75.0 - 185.254.75.255
netname: MULLVAD-185-254-75-0
country: DE
geoloc: 51.267301 6.81752
descr: Mullvad VPN
org: ORG-MVA21-RIPE
admin-c: MVA240-RIPE
tech-c: MVA240-RIPE
status: ASSIGNED PA
mnt-by: xtom
created: 2021-01-05T18:39:26Z
last-modified: 2021-01-05T18:39:26Z
source: RIPE

organisation: ORG-MVA21-RIPE
org-name: Mullvad VPN AB
org-type: OTHER
address: Box 53049
address: Gothenburg, 40014
address: Sweden
abuse-c: MVA240-RIPE
mnt-ref: xtom
mnt-by: xtom
created: 2021-01-05T18:36:58Z
last-modified: 2021-01-05T18:36:58Z
source: RIPE # Filtered

role: Mullvad VPN AB
address: Box 53049, SE-40014 Gothenburg
address: Sweden
abuse-mailbox: [email protected]
nic-hdl: MVA240-RIPE
mnt-by: xtom
created: 2021-01-05T18:35:36Z
last-modified: 2021-01-05T18:35:36Z
source: RIPE # Filtered

route: 185.254.75.0/24
origin: AS3214
mnt-by: xtom
created: 2024-12-23T14:29:54Z
last-modified: 2024-12-23T14:29:54Z
source: RIPE

route: 185.254.75.0/24
origin: AS3258
mnt-by: xtom
created: 2024-12-23T14:29:55Z
last-modified: 2024-12-23T14:29:55Z
source: RIPE

route: 185.254.75.0/24
descr: Mullvad
origin: AS43357
mnt-by: xtom
created: 2022-12-21T19:24:49Z
last-modified: 2022-12-21T19:29:42Z
source: RIPE

route: 185.254.75.0/24
origin: AS4785
mnt-by: xtom
created: 2024-12-23T14:29:55Z
last-modified: 2024-12-23T14:29:55Z
source: RIPE

route: 185.254.75.0/24
origin: AS6233
mnt-by: xtom
created: 2024-12-23T14:29:55Z
last-modified: 2024-12-23T14:29:55Z
source: RIPE

route: 185.254.75.0/24
origin: AS8888
mnt-by: xtom
created: 2024-12-23T14:29:55Z
last-modified: 2024-12-23T14:29:55Z
source: RIPE

route: 185.254.75.0/24
origin: AS9312
mnt-by: xtom
created: 2024-12-23T14:29:55Z
last-modified: 2024-12-23T14:29:55Z
source: RIPE

route: 185.254.75.0/24
origin: AS949
mnt-by: xtom
created: 2024-12-23T14:29:54Z
last-modified: 2024-12-23T14:29:54Z
source: RIPE


IOC Journey

medium
First detected 5 years ago · Last seen 5 days ago
Appeared in 13 threat reports