IOC Radar
IP · Medium · Signal 54/100

178.178.127.114

Location: Russian Federation, Budyonnovsk, Nizhny Novgorod Oblast
ASN: AS31133 (MegaFon)
First Seen: Jan 19, 2025 (507d ago)
Last Seen: Jun 4, 2026 (6d ago)
Reports: 25 source reports
Confidence: 54% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

58 techniques

Network Information

Country: RU (Russian Federation)
Region: Budyonnovsk, Nizhny Novgorod Oblast
ASN: AS31133
Organization: MegaFon

Feed Intelligence Summary

25 source reports · 54% confidence score
Category tags:
abuse, access control, account discovery, account enumeration, account lockout, account profiling, account takeover, active scan, active scanning, adresse ip, apache, apache attacker, asia, atif feed, attack, australia, authentication, authentication abuse, authentication attack, authentication attempts, authentication brute force, authentication bypass, authentication-attempts, automated attack, automated attacks, azure ad, bad reputation, bad web bot, banking, banlist feed, belgium, binary defense, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute-force, bruteforce, c2 communication, c2 server, civil services, cloud infrastructure, cloud infrastructure attack, command & control, command and control, command injection, communication protocol, compromised credentials, compromised host, compromised hosts, cowrie, cowrie honeypot, credential access, credential attack, credential harvesting, credential stuffing, credential-stuffing, credit card services, cta, data encryption, data exfiltration, data store exposure, data theft, ddos, ddos attack, decoy system, denial of service, dionaea, dionaea honeypot, distributed attacks, dns, dns attack, encryption, europe, europe/asia, exploit, exploitation activity, exploitation attempt, exploited host, external ip, fail2ban triggered, failed authentication, failed login, failed login attempts, failed logins, fatt, finance, finance and insurance, financial services, financial technology, finland, foods and drinks, france, fraud orders, ftp, ftp brute force, ftp brute-force, germany, government technology, hacking, honeynet connect, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, imap, imap attack, imap brute force, indicator, info, information technology, initial access, injection activity, internet-facing, intrusion detection, ioc, ipv4, ipv4 attacks, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, known malicious actor, lamp, lateral movement, linux-server-attacks, local government, local government target, login attack, login attempt, login attempts, low-risk, mail server, mailoney honeypot, malaysia, malicious activity, malicious host, malicious ip, malicious ip addresses, malicious sftp activity, malicious software, malicious ssh activity, malicious-activity, malware, malware behaviour, malware capture, malware distribution, malware propagation, microsoft entra id, multiple users, network, network access, network activity, network attacks, network brute force, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, north america, notice, oceania, osint, p0f, password attack, password attacks, password cracking, password-guessing, payment processing, phishing, phishing attack, phishing trap, ping of death, poland, pop3 brute force, port-scanning, possible reconnaissance, process injection, protocol exploitation, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, remote access, remote services, researched, resource hijacking, ru, russia, russian federation, sasl, sasl brute force, scams & fraud, scanner, scanners, scanning activity, security operations, security policy, sensor-tagged, sentrypeer botnet, service scan, sftp, sftp attack, smb brute force, smtp, smtp attacker, smtp brute force, social engineering, socradar honeypot, software development, spam, ssh, ssh attack, ssh monitoring, sweden, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1021.008, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1552.001, t1563, t1565, t1566.001, t1566.002, t1566.003, t1567, t1573, t1573.001, t1588.004, t1589, t1589.002, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp, tcp brute force, tcp protocol, tcp scan, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, united kingdom, united states, voip, voip attack, vulnerability scan, wealth management, web app attack, web application attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs · Jun 4

Threat Activity Heatmap

Peak: 2026-06-04
[Heatmap: activity by weekday and month, Jun to Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 25
First seen: Jan 19, 2025
Last seen: Jun 4, 2026
Geolocation: RU
Country: Russian Federation
Location: Budyonnovsk, Nizhny Novgorod Oblast
ASN: AS31133
Org: MegaFon
Coords: 56.2852, 43.9976

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by Rimba Siber honeypot.
raw
inetnum: 178.178.127.0 - 178.178.127.255
netname: MF-MC-18072022_Cloud
country: RU
admin-c: MFBN-RIPE
tech-c: MFPF-RIPE
status: ASSIGNED PA
mnt-domains: MEGAFON-DNS-MNT
mnt-by: MF-FCURP-MNT
mnt-by: MEGAFON-AUTO-MNT
created: 2022-09-14T06:40:57Z
last-modified: 2022-09-14T06:41:46Z
source: RIPE

role: FCURP of PJSC MegaFon
address: PJSC "MegaFon"
address: 6, Nartova
address: Nizhny Novgorod, 603104
address: Russian Federation
admin-c: KP4987-RIPE
admin-c: AK23073-RIPE
admin-c: AD16365-RIPE
tech-c: KP4987-RIPE
tech-c: AK23073-RIPE
tech-c: AD16365-RIPE
abuse-mailbox: [email protected]
remarks: -----------------------------------------------------------
remarks: Customer Service Center, is available at 24 x 7
remarks: -----------------------------------------------------------
remarks: Technical questions: [email protected]
remarks: Routing and peering: [email protected]
remarks: -----------------------------------------------------------
remarks: SPAM and Network security: [email protected]
remarks: Please use [email protected] e-mail address for complaints.
remarks: All messages to any other our address, relative to SPAM
remarks: or security issues, will not be concerned.
remarks: -----------------------------------------------------------
remarks: Information: http://www.megafon.ru
remarks: -----------------------------------------------------------
nic-hdl: MFBN-RIPE
mnt-by: MF-FCURP-MNT
mnt-by: MEGAFON-RIPE-MNT
created: 2021-04-23T08:53:03Z
last-modified: 2024-07-08T08:23:35Z
source: RIPE # Filtered

role: Volga Branch of OJSC MegaFon Technical Department
address: 443080, Russia, Samara, Moskovskoe shosse, 15
abuse-mailbox: [email protected]
remarks: -----------------------------------------------------------
remarks: Customer Service Center, is available at 24 x 7
remarks: -----------------------------------------------------------
remarks: Technical questions: [email protected]
remarks: Routing and peering: [email protected]
remarks: -----------------------------------------------------------
remarks: SPAM and Network security: [email protected]
remarks: Please use [email protected] e-mail address for complaints.
remarks: All messages to any other our address, relative to SPAM
remarks: or security issues, will not be concerned.
remarks: -----------------------------------------------------------
remarks: Information: http://www.megafon.ru
remarks: -----------------------------------------------------------
admin-c: MA25605-RIPE
nic-hdl: MFPF-RIPE
mnt-by: MGSM-MNT
created: 2013-02-11T09:17:34Z
last-modified: 2022-07-16T04:43:00Z
source: RIPE # Filtered

route: 178.178.127.0/24
origin: AS31133
mnt-by: MF-FCURP-MNT
created: 2022-09-14T06:44:30Z
last-modified: 2022-09-14T06:44:30Z
source: RIPE
references
Sign in from malicious ip blocked-2025-02-17 17_19_32.861.csv, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 25 threat reports