IOC Radar
IP · Medium · Signal 38/100

45.147.97.11

Location
France
Nice, Provence-Alpes-Côte d'Azur
ASN
AS62000
SERVERD
First Seen
Apr 16, 2026 (66d ago)
Last Seen
Apr 23, 2026 (59d ago)
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

21 techniques

Network Information

Country: FR (France)
Region: Nice, Provence-Alpes-Côte d'Azur
ASN: AS62000
Organization: SERVERD

Feed Intelligence Summary

5 source reports · 38% confidence score
Category tags
active scan, agent, apt, attack, back, bad reputation, cloud, contact, demo, devtcpipport, enumerate, europe, exploitation activity, france, grep, hunt, indicator, ipv4, kagent, malware, marimo, network, nkabuse, nkn blockchain, postgresql, python, reboot, researched, reverse shell, select, spaces, strong, sysdig, t1016, t1021.004, t1027.002, t1033, t1053, t1053.003, t1059.004, t1059.006, t1071.004, t1082, t1083, t1090, t1095, t1105, t1140, t1190, t1543.001, t1543.002, t1552.001, t1571, t1573.002, target, threat actor, tor node

Activity Timeline

1 total obs
Apr 23

Threat Activity Heatmap

Peak: 2026-04-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 5
First seen: Apr 16, 2026
Last seen: Apr 23, 2026
Geolocation: FR
Country: France
Location: Nice, Provence-Alpes-Côte d'Azur
ASN: AS62000
Org: SERVERD
Coords: 48.8582, 2.3387

VirusTotal

Not checked

WHOIS

description
CC=FR ASN=AS62000 netrix sas
raw
inetnum: 45.147.96.0 - 45.147.99.255
netname: FR-NETRIXEMEA-20190830
country: FR
org: ORG-NS396-RIPE
admin-c: JGU-RIPE
tech-c: JGU-RIPE
status: ALLOCATED PA
mnt-by: NETRIX-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2021-10-14T11:42:02Z
last-modified: 2022-04-19T19:51:12Z
source: RIPE

organisation: ORG-NS396-RIPE
org-name: SERVERD SAS
country: FR
org-type: LIR
address: 10 rue de Penthièvre
address: 75008
address: Paris
address: FRANCE
phone: +33 1 89 16 05 45
fax-no: +33 1 89 16 05 41
admin-c: JGU-RIPE
tech-c: JGU-RIPE
abuse-c: SRVD-RIPE
mnt-ref: NETRIX-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: NETRIX-MNT
created: 2017-08-01T07:06:36Z
last-modified: 2022-04-19T19:50:13Z
source: RIPE # Filtered

person: Jordan GUERDER
address: SERVERD SAS
address: ZAC Valgora - Building C
address: 83160 La Valette Du Var
address: France
phone: +33422141372
nic-hdl: JGU-RIPE
mnt-by: NETRIX-MNT
mnt-by: NETRIX-MNT
created: 2022-04-19T19:34:16Z
last-modified: 2022-05-26T13:00:05Z
source: RIPE # Filtered

route: 45.147.97.0/24
origin: AS62000
mnt-by: NETRIX-MNT
created: 2024-10-18T08:15:44Z
last-modified: 2024-10-18T08:15:44Z
source: RIPE
references
https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface
IOCs.2026.csv
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface#conclusion

IOC Journey

medium
First detected 2 months ago · Last seen 1 month ago
Appeared in 5 threat reports