IOC Radar
IPMediumSignal 56/100

178.141.244.98

Location
Russian FederationRussian Federation
Kirov, KIR
ASN
AS8359
MTS KRV Pppoe
First Seen
Nov 8, 2024
Last Seen
Apr 24, 2026
Nov 8
First Seen
581d ago
Apr 24
Last Seen
50d ago
9
Reports
source reports
56%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

10 techniques

Network Information

CountryRURussian Federation
RegionKirov, KIR
ASNAS8359
OrganizationMTS KRV Pppoe

Feed Intelligence Summary

9 reports56% confidence
9
Source reports
56%
Confidence score
Category tags
abuseactive scanactive scanningbad reputationbotnet activitybrute forcebrute force attackcredential accesscredential stuffingddosddos attackddos attackseurope/asiaexploitexploitation activityexploited hosthackingidentity & access exploitationindicatorinternet of thingsiot botnetiot securityiot/ics attackmalwaremirai botnetnetworkpassword attacksping of deathreconnaissanceresearchedrussiascannerssh attackt1071.001t1110.001t1110.002t1110.003t1110.004t1496t1499.002t1595.001t1595.002t1595.003tpotvulnerability scanvulnerability-exploitation

Activity Timeline

1 total obs
Apr 24Apr 24

Threat Activity Heatmap

· Peak: 2026-04-24
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
56
SIGNAL
Signal Score
56%
Confidence
9
Reports
First seenNov 8, 2024
Last seenApr 24, 2026
GeolocationRU
CountryRussian Federation
LocationKirov, KIR
ASNAS8359
OrgMTS KRV Pppoe
Coords58.5896, 49.6567

VirusTotal

Not checked

WHOIS

description
Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 178.141.244.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).
raw
inetnum: 178.141.240.0 - 178.141.247.255 netname: MTS-KRV-PPPOE-35-NET descr: Mobile Telesystems PJSC, Kirov branch descr: Dynamic PPPoE individual customers country: RU admin-c: NOCK2-RIPE tech-c: NOCK2-RIPE status: ASSIGNED PA mnt-by: VKTV-MNT created: 2013-11-20T07:27:10Z last-modified: 2015-10-05T09:39:18Z source: RIPE role: Network Operation Center CJSC COMSTAR-Regions Kirov branch address: 101, Karl Marx St., 610027, Kirov, Russia abuse-mailbox: [email protected] admin-c: MC34412-RIPE admin-c: AP28766-RIPE tech-c: AP28766-RIPE tech-c: MC34412-RIPE nic-hdl: NOCK2-RIPE mnt-by: VKTV-MNT created: 2013-02-21T06:40:36Z last-modified: 2018-07-12T13:02:48Z source: RIPE # Filtered route: 178.141.0.0/16 descr: Mobile Telesystems PJSC, Kirov branch origin: AS8359 mnt-by: MTU-NOC created: 2020-08-12T13:54:25Z last-modified: 2020-08-12T13:54:25Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 9 threat reports