IOC Radar
IP · Medium · Signal 59/100

64.190.76.2

Location
United States
Turin, Piedmont
ASN
AS214094
Davide Silvetti trading as 'Association Osservatorio Nessuno ODV'
First Seen
Dec 9, 2024
Last Seen
Jun 14, 2026
Reports
34 source reports
Confidence
59% (medium)
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

82 techniques

Network Information

Country: US (United States)
Region: Turin, Piedmont
ASN: AS214094
Organization: Davide Silvetti trading as 'Association Osservatorio Nessuno ODV'

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports
34
Confidence score
59%

Activity Timeline

1 total obs
Jun 14

Threat Activity Heatmap

[Heatmap figure: activity by weekday (Mon, Wed, Fri) per month, Jun through Jun; scale Less to More. Peak: 2026-06-14]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 34
First seen: Dec 9, 2024
Last seen: Jun 14, 2026
Geolocation: US
Country: United States
Location: Turin, Piedmont
ASN: AS214094
Org: Davide Silvetti trading as 'Association Osservatorio Nessuno ODV'
Coords: 37.7510, -97.8220
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 64.190.76.0 - 64.190.76.255
netname: OSSERVATORIO-NESSUNO
country: IT
org: ORG-ON69-RIPE
sponsoring-org: ORG-TNS21-RIPE
admin-c: AA43879-RIPE
tech-c: AA43879-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: OSSERVATORIO-NESSUNO-MNT
created: 2024-10-23T13:26:30Z
last-modified: 2024-10-23T13:26:30Z
source: RIPE

organisation: ORG-ON69-RIPE
org-name: Davide Silvetti trading as 'Association Osservatorio Nessuno ODV'
org-type: OTHER
descr: Italian NGO
remarks: https://osservatorionessuno.org
address: Via Giolitti 21, Torino
country: IT
abuse-c: ACRO57714-RIPE
mnt-ref: OSSERVATORIO-NESSUNO-MNT
mnt-by: OSSERVATORIO-NESSUNO-MNT
created: 2024-09-29T20:46:54Z
last-modified: 2025-03-02T07:31:22Z
source: RIPE # Filtered

role: Admin
address: Via Giolitti 21, Torino, Italy
nic-hdl: AA43879-RIPE
mnt-by: OSSERVATORIO-NESSUNO-MNT
created: 2024-09-29T20:43:49Z
last-modified: 2025-03-02T07:31:56Z
source: RIPE # Filtered

route: 64.190.76.0/24
origin: AS214094
mnt-by: OSSERVATORIO-NESSUNO-MNT
created: 2024-10-23T13:48:12Z
last-modified: 2024-10-23T13:48:12Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce
https://check.torproject.org/torbulkexitlist
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://iplists.firehol.org/?ipset=tor_exits

IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 34 threat reports