IOC Radar
IP · Medium · Signal 68/100

146.70.52.238

Location
Russian Federation
Moscow, MOW
ASN
AS9009
M247 Ltd Moscow
First Seen
Jan 27, 2022 (1595d ago)
Last Seen
May 26, 2026 (15d ago)
Reports
18 source reports
Confidence
68% (medium)
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

7 techniques

Network Information

Country: RU, Russian Federation
Region: Moscow, MOW
ASN: AS9009
Organization: M247 Ltd Moscow

Feed Intelligence Summary

18 source reports · 68% confidence score
Category tags
abuse, active scan, active scanning, bad reputation, bad web bot, botnet activity, brute force, brute force attack, brute force attacker, credential access, credential stuffing, cyber security, defense, europe, europe/asia, hacking, identity & access exploitation, ioc, it infrastructure, network, nextray, password attacks, phishing, portscan, proxy, ransomware, reconnaissance, researched, ru, russia, scanner, scanners, se, service scan, socradar honeypot, software development, sweden, t1110.001, t1110.002, t1110.003, t1110.004, t1595.001, t1595.002, t1595.003, vultr

Activity Timeline

1 total obs · May 26

Threat Activity Heatmap

Peak: 2026-05-26
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Geolocation: RU
Country: Russian Federation
Location: Moscow, MOW
ASN: AS9009
Org: M247 Ltd Moscow
Coords: 55.7483, 37.6171

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
inetnum: 146.70.52.0 - 146.70.52.255
netname: M247-Moscow
descr: M247 Moscow Infrastructure
country: RU
org: ORG-MLM15-RIPE
geoloc: 55.79014 37.46673
admin-c: GBXS-RIPE
tech-c: GBXS-RIPE
status: LEGACY
mnt-by: GLOBALAXS-MNT
remarks: ----------------------- LEGAL CONCERNS ----------------
remarks: For any legal requests, please send an email to
remarks: [email protected] for a maximum 48hours response.
remarks: ----------------------- LEGAL CONCERNS ----------------
created: 2021-06-11T11:09:20Z
last-modified: 2021-06-11T11:09:20Z
source: RIPE

organisation: ORG-MLM15-RIPE
org-name: M247 Ltd Moscow
org-type: OTHER
address: Moscow, Russia
abuse-c: AR38608-RIPE
mnt-ref: GLOBALAXS-MNT
mnt-by: GLOBALAXS-MNT
created: 2020-08-05T10:34:55Z
last-modified: 2024-05-16T14:14:14Z
source: RIPE # Filtered

role: GLOBALAXS NOC
remarks: M247 - Network Management Centre
address: 1 Ball Green, Cobra Court
address: M32 0QT, Manchester - United Kingdom
tech-c: JB3482-RIPE
tech-c: CB2407-RIPE
nic-hdl: GBXS-RIPE
abuse-mailbox: [email protected]
mnt-by: GLOBALAXS-MNT
created: 2006-07-13T15:37:05Z
last-modified: 2018-09-10T17:32:45Z
source: RIPE # Filtered

route: 146.70.52.0/24
descr: M247 Europe
origin: AS9009
mnt-by: GLOBALAXS-MNT
created: 2021-05-14T09:47:51Z
last-modified: 2021-05-14T09:47:51Z
source: RIPE
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-15/
