IOC Radar
IP · Medium · Signal 42/100

37.228.129.128

Location
Finland
Warsaw, Mazovia
ASN
AS200651
FlokiNET Finland
First Seen
Feb 20, 2023
Last Seen
Jun 5, 2026
Reports
26 source reports
Confidence
42% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

63 techniques

Network Information

Country: FI (Finland)
Region: Warsaw, Mazovia
ASN: AS200651
Organization: FlokiNET Finland

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 26
Confidence score: 42%
Category tags

Activity Timeline

1 total obs
Jun 5

Threat Activity Heatmap

Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 42
Confidence: 42%
Reports: 26
First seen: Feb 20, 2023
Last seen: Jun 5, 2026
Geolocation: FI
Country: Finland
Location: Warsaw, Mazovia
ASN: AS200651
Org: FlokiNET Finland
Coords: 60.1717, 24.9349
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 37.228.129.0 - 37.228.129.255
netname: FlokiNET-Finland
country: FI
admin-c: KW2939-RIPE
tech-c: KW2939-RIPE
status: ASSIGNED PA
mnt-by: sc-flokinet-ltd-1-mnt
created: 2019-08-28T22:48:31Z
last-modified: 2019-08-28T22:48:31Z
source: RIPE

person: FlokiNET Ltd
address: Bel Ombre Rd. P.5057
address: NA
address: Beau Vallon
address: Seychelles
phone: +358942458241
nic-hdl: KW2939-RIPE
mnt-by: sc-flokinet-ltd-1-mnt
created: 2016-08-26T07:19:06Z
last-modified: 2019-11-20T15:12:16Z
source: RIPE

route: 37.228.129.0/24
origin: AS200651
mnt-by: sc-flokinet-ltd-1-mnt
mnt-by: FlokiNET
created: 2017-07-12T16:07:13Z
last-modified: 2017-07-12T16:07:13Z
source: RIPE
references
https://raw.githubusercontent.com/platformbuilds/Tor-IP-Addresses/refs/heads/master/tor-exit-nodes.lst, https://check.torproject.org/torbulkexitlist

IOC Journey

medium
First detected 3 years ago · Last seen 8 days ago
Appeared in 26 threat reports