IP · Medium · Signal 41/100
146.70.52.45
Location
Moscow, Moskva
ASN
AS9009
M247 Ltd Moscow
First Seen
Jun 29, 2021
Last Seen
May 29, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Russian Federation
Region
Moscow, Moskva
ASN
AS9009
Organization
M247 Ltd Moscow
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
19 reports · 41% confidence
19
Source reports
41%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 41
Confidence: 41%
Reports: 19
First seen: Jun 29, 2021
Last seen: May 29, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moskva
ASN: AS9009
Org: M247 Ltd Moscow
Coords: 55.7483, 37.6171
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded.
- raw
- inetnum: 146.70.52.0 - 146.70.52.255
  netname: M247-Moscow
  descr: M247 Moscow Infrastructure
  country: RU
  org: ORG-MLM15-RIPE
  geoloc: 55.79014 37.46673
  admin-c: GBXS-RIPE
  tech-c: GBXS-RIPE
  status: LEGACY
  mnt-by: GLOBALAXS-MNT
  remarks: ----------------------- LEGAL CONCERNS ----------------
  remarks: For any legal requests, please send an email to
  remarks: [email protected] for a maximum 48hours response.
  remarks: ----------------------- LEGAL CONCERNS ----------------
  created: 2021-06-11T11:09:20Z
  last-modified: 2021-06-11T11:09:20Z
  source: RIPE

  organisation: ORG-MLM15-RIPE
  org-name: M247 Ltd Moscow
  org-type: OTHER
  address: Moscow, Russia
  abuse-c: AR38608-RIPE
  mnt-ref: GLOBALAXS-MNT
  mnt-by: GLOBALAXS-MNT
  created: 2020-08-05T10:34:55Z
  last-modified: 2024-05-16T14:14:14Z
  source: RIPE # Filtered

  role: GLOBALAXS NOC
  remarks: M247 - Network Management Centre
  address: 1 Ball Green, Cobra Court
  address: M32 0QT, Manchester - United Kingdom
  tech-c: JB3482-RIPE
  tech-c: CB2407-RIPE
  nic-hdl: GBXS-RIPE
  abuse-mailbox: [email protected]
  mnt-by: GLOBALAXS-MNT
  created: 2006-07-13T15:37:05Z
  last-modified: 2018-09-10T17:32:45Z
  source: RIPE # Filtered

  route: 146.70.52.0/24
  descr: M247 Europe
  origin: AS9009
  mnt-by: GLOBALAXS-MNT
  created: 2021-05-14T09:47:51Z
  last-modified: 2021-05-14T09:47:51Z
  source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
medium · First detected 5 years ago · Last seen 25 days ago
Appeared in 19 threat reports