IP · Medium · Signal 100/100
185.73.124.238
Location
Tallinn, Harjumaa
ASN
AS210734
IPHOSTER OU
First Seen
May 29, 2024
Last Seen
Feb 16, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
Estonia
Region
Tallinn, Harjumaa
ASN
AS210734
Organization
IPHOSTER OU
Activity Timeline
Feb 16
Threat Activity Heatmap
Peak: 2026-02-16
Activity in the last 24h, 7d, 30d and 3mo: 0 (Dormant)
Threat Score
High Risk
Geolocation
EE
Coords
59.4327, 24.7796
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 185.73.124.0 - 185.73.124.255
  netname: Hosting-Service-Provider
  country: NL
  admin-c: AA45006-RIPE
  tech-c: AA45006-RIPE
  abuse-c: AA45006-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-VLTDWELLER
  created: 2020-06-16T09:57:50Z
  last-modified: 2025-05-07T10:48:23Z
  source: RIPE

  role: abuse-c
  address: Kazakhstan, North Kazakhstan region, Gabita Musrepova district, Novoselovka village, Jambula street 21.
  abuse-mailbox: [email protected]
  nic-hdl: AA45006-RIPE
  mnt-by: soldatov-av-mnt
  created: 2025-04-26T11:01:20Z
  last-modified: 2025-05-09T12:55:52Z
  source: RIPE # Filtered

  route: 185.73.124.0/24
  origin: AS209702
  mnt-by: MNT-VLTDWELLER
  created: 2025-05-07T10:45:41Z
  last-modified: 2025-05-07T10:45:41Z
  source: RIPE