IOC Radar
IP · Medium · Signal 66/100

185.40.4.38

Location
Russian Federation
Oslo, Vestfold og Telemark
ASN
AS205090
First Server Limited
First Seen: Aug 6, 2024 (676d ago)
Last Seen: Apr 5, 2026 (69d ago)
Reports: 32 source reports
Confidence: 66% (medium)
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 92 techniques

Network Information

Country: RU (Russian Federation)
Region: Oslo, Vestfold og Telemark
ASN: AS205090
Organization: First Server Limited

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

32 source reports · 66% confidence score
Category tags
abuse · access control · account brute force · active scan · active scanning · adbhoney honeypot · alienvault_ransomware · anonymity network abuse · antispam · apache · apache attacker · attack · authentication attack · authentication bypass · auto-generated security · bad reputation · bad web bot · blacklisted domain · blacklisted ip · blacklisted url · botnet · botnet activity · botnet c2 · botnet communication · brute force · brute force attack · brute force attempts · brute_force · c2 communication · cert · cisa · cisa advisory · cisco device · code execution · command & control · command and control · command execution · command injection · communication protocol · compromised system detection · contact · cowrie honeypot · credential access · credential harvesting · credential stuffing · credential theft · credential_access · cta · cve-20 · cyber · cybox · d broker · db · data exfiltration · data store exposure · db broker · db access · ddos · ddos activity · ddos attack · decoy system · denial of service · device management · dga domain · dionaea honeypot · distributed attacks · dns attack · enterprise networking · enumeration · europe · europe/asia · exfiltration · exit node · exploitation activity · exploitation of pgpassword · exploited host · fileobj · finland · firehol · france · ftp · ftp brute force · germany · go · gogsbadmin credential compromise · hacking · hash · hashes · honeynet connect · honeytrap honeypot · http brute force · http communication · http scanner · https communication · identity & access exploitation · imap · indicator · industries/all industries · infrastructure acquisition · reconnaissance · ingress tool transfer · initial access · injection activity · install · ipv4 · irc communication · ivanti cloud · ivanti connect secure · ivanti epmm · ivanti policy secure · lamp · lateral movement · local · log4j · login attempt · malicious activity · malicious domains · malicious download · malicious software · malware · malware behaviour · malware capture · malware distribution · manual · matrix · network · network attacks · network enumeration · network infrastructure · network intrusion · network protocol · network reconnaissance · network scanning · network security · network service scanning · network traffic · network_reconnaissance · no · north america · norway · object · p2p communication · password attack · password attacks · persistence mechanisms · pgpassword · pgsql · pw · phishing · phishing attack · poland · possible ddos activity · privilege escalation · process injection · protocol exploitation · proxy · proxy abuse · proxy ips · psexec · python · ransomware · rce vulnerability · reconnaissance · redacted gsb · remote access · remote code execution · remote services · researched · resource hijacking · ru · russia · russian federation · scanner · scanning activity · security operations · security policy · sentrypeer botnet · service scan · seychelles · sftp attack · small · smb brute force · smb scanning · smtp · smtp brute force · social engineering · software exploitation · spam · spam bot · spamhaus · ssh attack · ssh monitoring · stix · strong · syn scan · t1003 · t1003.001 · t1005 · t1016 · t1018 · t1020 · t1021 · t1021.001 · t1021.002 · t1021.003 · t1021.004 · t1021.005 · t1027 · t1027.003 · t1029 · t1040 · t1041 · t1046 · t1053 · t1053.005 · t1055 · t1059 · t1059.001 · t1059.003 · t1059.004 · t1068 · t1071 · t1071.001 · t1071.002 · t1071.003 · t1071.004 · t1076 · t1078 · t1078.004 · t1090 · t1105 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1133 · t1140 · t1189 · t1190 · t1199 · t1203 · t1204 · t1204.002 · t1210 · t1219 · t1486 · t1496 · t1499.001 · t1499.002 · t1499.003 · t1505 · t1505.003 · t1543.003 · t1547.001 · t1548 · t1550.002 · t1552 · t1555.003 · t1556 · t1563 · t1564 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1568 · t1568.002 · t1569 · t1569.002 · t1571 · t1572 · t1573 · t1573.001 · t1573.002 · t1583.001 · t1587.001 · t1588 · t1588.002 · t1589 · t1590.001 · t1592 · t1595 · t1595.001 · t1595.002 · t1595.003 · tanner · tcp protocol · tcp scan · tcp scanning · telecommunications · telnet threat · threat · threat actor · threat detection · threat intelligence · threat prevention · threattype/credential theft · threattype/remote code execution · threattype/vulnerability exploitation · threattype/webshell deployment · title · tools · tor · tor activity · tor exit · tor exit node · tor network · tor node · u gsbadmin · udp scan · unauthorized access attempt · united states · upgrade · us · virgin islands, british · voip · voip attack · vpn · vpn ip · vulnerabilities · vulnerability scan · web application attack · web exploitation · web spam · web traffic · webshell deployment · zero · zero-day vulnerability

Activity Timeline

1 total observation (Apr 5 – Apr 5)

Threat Activity Heatmap

Peak: 2026-04-05
[Heatmap grid (Jun through the following Jun, Mon/Wed/Fri rows): a single observation on 2026-04-05, no other activity]

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal: 66
Signal Score: 66%
Confidence: 32 reports
First seen: Aug 6, 2024
Last seen: Apr 5, 2026
Geolocation: RU
Country: Russian Federation
Location: Oslo, Vestfold og Telemark
ASN: AS205090
Org: First Server Limited
Coords: 55.9155, 37.8263
Proxy: VPN

VirusTotal

Not checked

WHOIS

description: tor search result.

raw:
inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-AFRINIC
admin-c: IANA1-AFRINIC
tech-c: IANA1-AFRINIC
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: AFRINIC-HM-MNT
mnt-lower: AFRINIC-HM-MNT
source: AFRINIC # Filtered
parent: 0.0.0.0 - 255.255.255.255

organisation: ORG-IANA1-AFRINIC
org-name: Internet Assigned Numbers Authority
org-type: IANA
country: EU # Country is really worldwide
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
admin-c: IANA1-AFRINIC
tech-c: IANA1-AFRINIC
mnt-ref: AFRINIC-HM-MNT
mnt-by: AFRINIC-HM-MNT
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: TEAM-AFRINIC
tech-c: TEAM-AFRINIC
nic-hdl: IANA1-AFRINIC
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
remarks: data has been transferred from RIPE Whois Database 20050221
mnt-by: AFRINIC-DB-MNT
source: AFRINIC # Filtered
references:
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce
https://check.torproject.org/torbulkexitlist
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://labs.inquest.net/iocdb
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications_0.pdf
https://www.ic3.gov/CSA/2025/250122.pdf
https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf
https://iplists.firehol.org/?ipset=tor_exits
Exit_Nodes.csv

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 32 threat reports