IOC Radar
IP · Medium · Signal 40/100

195.47.238.50

Location
Sweden
Stockholm, Stockholm County
ASN
AS30893
No ACK Group Holding AB
First Seen
Dec 20, 2025 (176d ago)
Last Seen
Jun 3, 2026 (10d ago)
Reports
16 source reports
Confidence
40% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: SE (Sweden)
Region: Stockholm, Stockholm County
ASN: AS30893
Organization: No ACK Group Holding AB

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 16
Confidence score: 40%
Category tags
abuse, access control, active scan, active scanning, anonymity network abuse, anonymity service, anonymization network, anonymization network traffic, anonymization networks, anonymization services, anonymization_network_origin, anonymization_service_traffic, anonymous proxies, anonymous proxy network, anonymous_proxy, application layer protocol, apt, attack, attack infrastructure, attack-vector:brute-force, attack-vector:port-scan, australia, authentication attempts, automated network attacks, automated_attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, brute-force, brute_force, brute_force_attack, bruteforce, command and control, communication protocol, compromised system detection, cowrie, cowrie honeypot, credential access, credential attack, credential stuffing, credential_access, credential_attack, credential_guessing, credential_stuffing, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, decoy system, denial of service, dionaea, dionaea honeypot, encryption, enumeration, enumeration activity, europe, event-type:credential-access, event-type:initial-access, event-type:reconnaissance, exit node threat, exploit, exploit kit activity, exploitation activity, exploited host, external threat, failed login attempts, fatt, ftp, ftp brute force, ftp_attempts, ftp_brute_force, hacking, honeytrap honeypot, http brute force, http scanner, http/s, http_https, https, i2p network, identity & access exploitation, indicators, indicators of compromise, indicators_of_compromise, information technology, initial access, initial_access, initial_access_attempt, injection activity, injection attacks, intrusion detection, ioc, it infrastructure, lateral movement, mailoney honeypot, malicious activity, malicious_activity, malicious_ip_activity, malware, malware behaviour, malware capture, malware delivery, network, network attacks, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, network_attack, network_enumeration, network_indicators, network_reconnaissance, oceania, open proxy, p0f, password attack, password attacks, phishing, phishing attack, phishing trap, possible credential stuffing, possible reconnaissance, potential botnet activity, potential data exfiltration, protocol exploitation, protocol scanning, protocol:ftp, protocol:http, protocol:https, protocol:rdp, protocol:smtp, protocol:ssh, protocol:telnet, protocol_scanning, proxy, proxy network, proxy server, proxy servers, ransomware, rdp_attempts, rdp_brute_force, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, scanner, scanning activity, scripting attacks, se, security operations, security policy, security_event, sensor-tagged, sentrypeer botnet, service discovery, service enumeration, service scan, service scanning, smtp, smtp brute force, software development, spam, ssh, ssh attack, ssh monitoring, ssh_attempts, ssh_brute_force, suspected malicious activity, sweden, syn scan, t1016, t1018, t1021, t1021.001, t1021.002, t1040, t1046, t1059, t1059.003, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1083, t1090, t1090 - proxy, t1090 proxy, t1090.002, t1090.003, t1105, t1110, t1110 brute force, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1563, t1564.003, t1583, t1589, t1589.001, t1589.002, t1590, t1590.001, t1590.005, t1592, t1595, t1595 active scanning, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, tcp scanning, telnet threat, telnet_attempts, threat actor, threat detection, threat infrastructure, threat intelligence, threat prevention, threat-actor:unattributed, threat_activity, threat_actor_activity, threat_indicator, threat_intelligence, threat_intelligence_feed, tor, tor network, tor network activity, tor node, tor_exit_node, tpot, unattributed_threat_activity, unauthorized access, unauthorized access attempt, unauthorized access attempts, unidentified threat actor, unknown threat actor, voip attack, vpn, vpn ip, vpn network, vpn service, vpn traffic, vulnerability scan, web app attack, web application attack, web attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs (Jun 3)

Threat Activity Heatmap

Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 40
Confidence: 40%
Reports: 16
First seen: Dec 20, 2025
Last seen: Jun 3, 2026
Geolocation: SE
Country: Sweden
Location: Stockholm, Stockholm County
ASN: AS30893
Org: No ACK Group Holding AB
Coords: 59.3247, 18.0560
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
tor search result.
raw
inetnum: 195.47.238.0 - 195.47.238.255
netname: SE-NOACKHOSTING
descr: Information: Most of this subnet is used for tor-exit related services.
country: SE
org: ORG-NAHA3-RIPE
admin-c: NOC257-RIPE
tech-c: NOC257-RIPE
remarks: Geofeed https://no-ack.se/geofeed.csv
status: ASSIGNED PI
mnt-by: MNT-NOACKHOSTING
mnt-by: RIPE-NCC-END-MNT
created: 2021-06-24T09:16:11Z
last-modified: 2026-02-20T08:16:25Z
source: RIPE

organisation: ORG-NAHA3-RIPE
org-name: No ACK Group Holding AB
country: SE
org-type: LIR
address: C/o minpostbox 1229 Brahegatan 1
address: 41514
address: Goteborg
address: SWEDEN
phone: +46850006166
admin-c: MK20951-RIPE
tech-c: MK20951-RIPE
abuse-c: AR43808-RIPE
mnt-ref: MNT-NOACKHOSTING
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-NOACKHOSTING
created: 2017-11-09T08:46:23Z
last-modified: 2025-09-26T12:15:26Z
source: RIPE # Filtered

role: Network Operations Center
address: No Ack Group Holding AB, c/o minpostbox 1229
address: Brahegatan 1, 415 14 Goteborg, Sweden
mnt-by: MNT-NOACKHOSTING
admin-c: SP16787-RIPE
tech-c: SP16787-RIPE
nic-hdl: NOC257-RIPE
abuse-mailbox: [email protected]
created: 2017-09-23T15:19:56Z
last-modified: 2025-09-26T12:16:34Z
source: RIPE # Filtered

route: 195.47.238.0/24
descr: No Ack Hosting AB
origin: AS30893
mnt-lower: MNT-NOACKHOSTING
mnt-routes: MNT-NOACKHOSTING
mnt-by: MNT-NOACKHOSTING
created: 2004-01-21T15:06:46Z
last-modified: 2021-06-24T09:32:07Z
source: RIPE
references
https://ltna.com.au/cyber

IOC Journey

medium
First detected 5 months ago · Last seen 10 days ago
Appeared in 16 threat reports