IOC Radar
IP · Medium · Signal 53/100

195.222.57.183

Location: Bosnia and Herzegovina (Sarajevo, BIH)
ASN: AS9146 (ServeriWebTV)
First Seen: Jul 17, 2023 (1061d ago)
Last Seen: Jun 7, 2026 (4d ago)
Reports: 26 source reports
Confidence: 53% (medium)
VirusTotal: 10/91 detections
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 53 techniques

Network Information

Country: BA (Bosnia and Herzegovina)
Region: Sarajevo, BIH
ASN: AS9146
Organization: ServeriWebTV

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 26
Confidence score: 53%
Category tags:
abuse, abuseipdb, access control, account enumeration, account lockout, active scan, active scanning, adresse ip, apt, asia, atif feed, attack, authentication abuse, authentication attack, authentication bypass, authentication-failure, auto-generated security, azure ad, ba, bad reputation, banking, banlist feed, belgium, belgium ip addresses, binary defense, blocklist_all, bosnia and herzegovina, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, brute-force, c2 communication, c2 server, cloud environment, cloud infrastructure, cloud security, command & control, command and control, communication protocol, compromised credentials, compromised host, compromised hosts, cowrie, cowrie honeypot, credential access, credential compromise, credential harvesting, credential stuffing, credential-dumping, credit card services, cta, data exfiltration, data store exposure, data theft, ddos, ddos attack, decoy system, denial of service, distributed attacks, europe, exploitation activity, exploited host, external remote services, finance, finance and insurance, financial services, financial technology, finland, france, ftp brute force, ftp brute-force, germany, hacking, honeynet connect, http brute force, identity & access exploitation, identity management, imap, imap attack, imap brute force, indicator, information technology, infrastructure acquisitionreconnaissance, initial access, injection activity, intrusion detection, ioc, it infrastructure, lateral movement, login attack, login attempt, login attempts, login brute force, mail server, malaysia, malicious activity, malicious ip addresses, malicious software, malicious-ip, malware, malware distribution, manual, microsoft entra id, multiple accounts targeted, multiple users, multiple users affected, network, network attacks, network enumeration, network intrusion, network scanning, network security, network service scanning, network traffic analysis, north america, opencti, password attack, password attacks, password cracking, password spraying, payment processing, phishing, phishing attack, poland, pop3 brute force, private, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, rtbh, sasl, sasl authentication, sasl brute force, scanner, scanners, scanning activity, security operations, security policy, service scan, sftp, sftp attack, smb brute force, smtp, smtp attacker, smtp brute force, smtp-attack, social engineering, software development, spam, ssh, ssh attack, ssh monitoring, sweden, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1583.006, t1587.001, t1588, t1588.004, t1589, t1589.002, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp, tcp brute force, tcp protocol, tcp scan, telnet threat, threat actor, threat intelligence, threat prevention, tor node, turkey, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempts, united states, valid accounts, vpn, vpn ip, vulnerability scan, wealth management, web app attack, web application attack, web exploitation, web spam

Activity Timeline

1 total obs (Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07 [heatmap: weekday rows, monthly columns Jun to Jun, scale Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 53
Confidence: 53%
Reports: 26
First seen: Jul 17, 2023
Last seen: Jun 7, 2026
Geolocation: BA
Country: Bosnia and Herzegovina
Location: Sarajevo, BIH
ASN: AS9146
Org: ServeriWebTV
Coords: 44.6846, 18.0521
VPN

VirusTotal

10/91 vendors flagged (11% detection rate, Jun 8, 2026)

WHOIS

description
Real-time Intercept: SMTP attack. Reference: 2026-05-31 03:57:27.9249 Login failure: 195.222.57.183 SMTP
raw
inetnum: 195.222.57.176 - 195.222.57.191
netname: ServeriWebTV
descr: Public Enterprise BH Telecom DD
country: BA
admin-c: BTC26-RIPE
tech-c: BTC26-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
mnt-by: BIHNET-DNS
created: 2003-03-21T08:31:04Z
last-modified: 2021-02-03T14:51:29Z
source: RIPE # Filtered

role: BH TELECOM CONTACTS
address: Zmaja od Bosne 88
admin-c: VH1908-RIPE
admin-c: SH2024
admin-c: VC930-RIPE
tech-c: VC930-RIPE
tech-c: SH2024
tech-c: VH1908-RIPE
nic-hdl: BTC26-RIPE
mnt-by: BIHNET-DNS
created: 2021-02-01T12:58:30Z
last-modified: 2025-07-28T12:10:10Z
source: RIPE # Filtered

route: 195.222.56.0/21
descr: BiHNet subnet #4
origin: AS9146
mnt-by: BIHNET-DNS
created: 2003-05-23T09:32:17Z
last-modified: 2003-05-23T09:32:17Z
source: RIPE
references
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 2 years ago · Last seen 4 days ago
Appeared in 26 threat reports