IPMediumSignal 51/100
195.123.233.55
Location
United StatesSecaucus, New Jersey
ASN
AS204957
Green Floid LLC
First Seen
Jan 30, 2021
Last Seen
Jun 2, 2026
Jan 30
First Seen
1962d ago
Jun 2
Last Seen
12d ago
7
Reports
source reports
51%
Confidence
medium
4/91
VirusTotal
detections
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionSecaucus, New Jersey
ASNAS204957
OrganizationGreen Floid LLC
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
7 reports51% confidence
7
Source reports
51%
Confidence score
Category tags
aa24-131aabuseacademic institutionsaccount compromiseactive scananydeskaptaustraliabad reputationbatloaderbecbestflowers.jsonbghbitsblack bastablackbastablackbasta ransomware activitybotnetbotnet activitybrand impersonationbrute forcebusiness email compromisec++c2c2 servercanadachacha20cisacivil servicescobalt strikecode executioncommandcommand & controlcommand and controlcommand executioncommunication protocolcompromised credentialsconticoroxycredential accesscredential harvestingcredential phishingcredential stuffingcredential theftcredential-harvestingcredential_theftcritical infrastructurecyber threatsdata breachdata encryptiondata exfiltrationdata leakdata store exposuredeceptive practicesdetection and responsedistributed attacksdouble extortioneducational resourceseducational serviceseducational technologyelectronic health recordsemail-based attackemail-borne threatemail-spoofingemergency servicesemergent threat responseemotetencryptionevilproxyexecutable fileexploitation activityextortionfilefinancefinance and insurancefinancial servicesfrancefraudgermanygovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshigher educationhospital managementhttp scannerhttpsidentity & access exploitationidentity theftimapindicatorinfrastructure acquisitionreconnaissanceinitial accessinitial_accessinjection activityiocit teamitalyjapank-12 educationlateral movementlegallink injectionlink redirectionlink spoofinglinuxmalicious attachmentmalicious domainmalicious filemalicious linkmalicious linksmalicious powershell activitymalicious softwaremalwaremalware deliverymalware distributionmanualmediamedical servicesnetcatnetsupport managernetworknew zealandnopacnorth americaoperating systempatient carephishingphishing activityphishing attackphishing campaignphishing kitphishing-databasepinkslipbotprivilege escalationprocess injectionproxypsexecpublic administrationpublic infrastructurepublic policyqakbotqbotquick assistraasransomwarerapid7rcloneregulatory agenciesresearchedretail tradersa-4096scamscams & fraudscripting attackssecurity operationsserviceshellsmtpsocial engineeringsoftware exploitationspamstorm-1811strongsystem disruptiont1001t1003t1003.001t1003.003t1003.004t1003.007t1005t1007t1012t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1025t1027t1027.002t1027.003t1033t1036t1036.001t1036.002t1036.003t1036.004t1036.005t1036.006t1036.007t1041t1046t1047t1049t1053t1053.001t1053.002t1053.003t1053.004t1053.005t1053.007t1055t1055.001t1055.002t1055.003t1055.004t1055.008t1055.011t1055.012t1055.013t1056t1056.001t1056.003t1056.004t1057t1059t1059.001t1059.002t1059.003t1059.004t1059.005t1068t1069.001t1070t1070.001t1070.002t1070.003t1070.004t1070.005t1070.006t1070.007t1071t1071.001t1071.002t1071.003t1071.004t1071.005t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1086t1087t1090t1095t1098t1098.001t1098.002t1098.003t1102t1102.001t1102.002t1102.003t1105t1106t1110t1110.001t1110.002t1110.003t1112t1113t1133t1134t1134.001t1134.002t1134.003t1134.004t1134.005t1136t1136.001t1136.002t1136.003t1140t1185t1187t1189t1190t1192t1195t1197t1202t1203t1204t1204.001t1204.002t1213t1213.001t1213.002t1213.003t1218t1222t1486t1489t1490t1496t1497t1498t1499.001t1499.002t1499.003t1531t1534t1537t1539t1543t1543.001t1543.002t1543.003t1543.004t1543.005t1546t1546.001t1546.002t1546.003t1546.004t1546.005t1546.006t1546.007t1546.008t1546.009t1546.010t1546.011t1546.012t1546.013t1546.014t1546.015t1547t1547.001t1547.009t1550t1550.001t1550.002t1550.003t1550.004t1552t1555t1555.003t1555.004t1560t1562t1562.001t1562.002t1562.003t1562.004t1564t1564.001t1564.002t1564.003t1564.004t1564.005t1564.006t1564.007t1565t1566t1566.001t1566.002t1566.003t1566.004t1567.001t1568t1569t1569.002t1570t1571t1572t1573t1574t1574.001t1574.002t1574.004t1574.005t1574.006t1574.008t1574.009t1574.010t1574.011t1583t1587t1587.001t1588t1588.001t1588.002t1588.003t1588.004t1588.005t1588.006t1588.007t1590t1590.001t1590.002t1590.003t1590.004t1590.005t1590.006t1591t1591.001t1591.002t1591.003t1592t1592.001t1592.002t1592.003t1592.004t1595t1595.001t1595.002t1595.003t1598t1598.001t1598.002t1598.003t1598.004threat actorthreat intelligencethreat_intelligencetor nodetrickbotunited statesurgent requestususer_executionvmware esxivoicevulnerability scanwandering spiderweb securityweb trafficwebdavwinscpwizard spiderwmi
Activity Timeline
Jun 2Jun 2
Threat Activity Heatmap
· Peak: 2026-06-02LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
This Indicator of Compromise (IOC), an IPv4 address, represents a significant and immediate threat to organizational cybersecurity. With a high threat score of 50.6 and a clear malicious whitelist status of 'No', it is actively associated with sophisticated ransomware groups and advanced persistent threat (APT) actors known for aggressive and impactful campaigns. The presence of this IP address in network logs or security telemetry strongly indicates a potential compromise, likely involving remo…
Threat ScoreMedium Risk
51
SIGNAL
Signal Score
51%
Confidence
7
Reports
First seenJan 30, 2021
Last seenJun 2, 2026
GeolocationUS
CountryUnited States
LocationSecaucus, New Jersey
ASNAS204957
OrgGreen Floid LLC
Coords40.7876, -74.0600
Proxy
WHOIS
- description
- Phishing indicators. Date: Apr 8, 2026. Part 2/566. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- NetRange: 195.0.0.0 - 195.255.255.255 CIDR: 195.0.0.0/8 NetName: RIPE-CBLK3 NetHandle: NET-195-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 1996-03-25 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/195.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN RTechHandle: RIPE-NCC-ARIN RTechName: RIPE NCC Hostmaster RTechPhone: +31 20 535 4444 RTechEmail: [email protected] RTechRef: https://rdap.arin.net/registry/entity/RIPE-NCC-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 years ago · Last seen 12 days ago
Appeared in 7 threat reports