IP · Medium · Signal 72/100
194.165.16.164
Location
Kaunas, Kaunas
ASN
AS48721
Flyservers S.A
First Seen
Jul 21, 2023
Last Seen
Jun 8, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Lithuania
Region
Kaunas, Kaunas
ASN
AS48721
Organization
Flyservers S.A
IP Category
VPN
VPN exit node
Feed Intelligence Summary
30 reports · 72% confidence
30
Source reports
72%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 30
First seen: Jul 21, 2023
Last seen: Jun 8, 2026
Geolocation: LT
Country: Lithuania
Location: Kaunas, Kaunas
ASN: AS48721
Org: Flyservers S.A
Coords: 43.7312, 7.4138
VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- inetnum: 194.165.16.0 - 194.165.17.255
  netname: PA-FLYSERVERS
  country: EU
  org: ORG-FS255-RIPE
  admin-c: FGNO1-RIPE
  tech-c: FGNO1-RIPE
  status: ASSIGNED PI
  mnt-by: mnt-pa-flyservers-1
  mnt-by: RIPE-NCC-END-MNT
  created: 2021-12-15T13:46:35Z
  last-modified: 2021-12-15T17:17:28Z
  source: RIPE
- organisation: ORG-FS255-RIPE
  org-name: Flyservers S.A.
  country: PA
  org-type: LIR
  address: 50th Street, Global Bank Tower, Suite 1801
  address: 0831-2482
  address: Panama City
  address: PANAMA
  phone: +5078321840
  admin-c: FGNO1-RIPE
  mnt-ref: Mnets-Admin
  tech-c: FGNO1-RIPE
  abuse-c: FGNO1-RIPE
  mnt-ref: mnt-pa-flyservers-1
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: mnt-pa-flyservers-1
  created: 2018-12-04T17:00:47Z
  last-modified: 2022-02-01T07:35:14Z
  source: RIPE # Filtered
- role: FLYSERVERS GLOBAL NETWORK OPERATION CENTRE
  address: 50th Street, Global Bank Tower, Suite 1801
  address: Panama
  abuse-mailbox: [email protected]
  nic-hdl: FGNO1-RIPE
  mnt-by: mnt-pa-flyservers-1
  created: 2021-02-10T10:06:27Z
  last-modified: 2021-02-10T10:06:27Z
  source: RIPE # Filtered
- route: 194.165.16.0/24
  origin: AS48721
  mnt-by: mnt-pa-flyservers-1
  created: 2021-12-15T17:18:44Z
  last-modified: 2021-12-15T17:18:44Z
  source: RIPE
- references
- https://feeds.dshield.org/feeds/topips.txt
- https://feeds.dshield.org/feeds/top10.txt
- https://feeds.dshield.org/feeds/block.txt
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://redpiranha.net
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
medium · First detected 2 years ago · Last seen 2 days ago
Appeared in 30 threat reports