IOC Radar
IP · Medium · Signal 65/100

185.147.125.148

Location: Poland, Stavropol, 14
ASN: AS213861 (Rodion Vostrikov)
First Seen: Oct 30, 2024 (603d ago)
Last Seen: Apr 11, 2025 (441d ago)
Reports: 7 source reports
Confidence: 65% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: PL (Poland)
Region: Stavropol, 14
ASN: AS213861
Organization: Rodion Vostrikov

Feed Intelligence Summary

Source reports: 7
Confidence score: 65%
Category tags: abuse, access, active scanning, attack, botnet, brute force, brute force attacks, command and control, compromised credentials, conpot, conpot honeypot, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data exfiltration attempt, decoy system, dionaea, dionaea honeypot, distributed attacks, email, exploit kit activity, ftp brute force, github, groups, honeytrap honeypot, ics security, indicator, industrial control systems, infrastructure acquisitionreconnaissance, iot/ics attack, lamp, lamp exploit, lateral movement, mail service attack, mailoney honeypot, malicious activity, malicious login attempts, malicious software, malware, malware behaviour, malware capture, manual, network, network intrusion, network intrusion attempts, network reconnaissance, network scanning, network service exploitation, password spraying, phishing, phishing attack, phishing trap, poland, possible exploit attempts, process injection, python, reconnaissance, researched, ru, russian federation, scanner, script, scripting attacks, sftp, sftp attack, slug, smtp brute force, smtp probing, social engineering, socradar honeypot, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.001, t1021.002, t1021.004, t1041, t1046, t1053, t1055, t1059, t1059.004, t1059.007, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1190, t1203, t1486, t1496, t1499.002, t1499.003, t1555, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, threat actor, threat detection, threat intelligence, unauthorized access, unauthorized access attempt, web attack, web exploitation

Activity Timeline

1 total obs (Apr 11 - Apr 11)

Threat Activity Heatmap

[Heatmap: activity by day of week (Mon, Wed, Fri) across months Jun to Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 7
First seen: Oct 30, 2024
Last seen: Apr 11, 2025
Geolocation: PL
Country: Poland
Location: Stavropol, 14
ASN: AS213861
Org: Rodion Vostrikov
Coords: 52.2484, 21.0026

VirusTotal

Not checked

WHOIS

description
2025-02-12T04:26:46.423Z Honeypot : ConPot : Source: 185.147.125.148 : Port: 1025 Data Type: kamstrup_protocol Event Type: CONNECTION_LOST
raw
inetnum: 185.147.125.0 - 185.147.125.255
netname: RU-PLANETA-20240725
country: RU
org: ORG-PL566-RIPE
admin-c: PL14775-RIPE
tech-c: PL14775-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2024-07-25T16:19:41Z
last-modified: 2024-07-25T16:19:46Z
source: RIPE

organisation: ORG-PL566-RIPE
org-name: Planeta LLC
address: ul. Ozernaya, d. 42, pom. 510A
address: 119361 Moscow
address: Russia
abuse-c: PL14775-RIPE
mnt-ref: IP-RIPE
mnt-by: IP-RIPE
org-type: OTHER
created: 2024-05-20T18:24:55Z
last-modified: 2024-05-20T18:25:27Z
source: RIPE # Filtered

role: Planeta LLC
address: ul. Ozernaya, d. 42, pom. 510A
address: 119361 Moscow
address: Russia
abuse-mailbox: [email protected]
phone: +7 495 1326245
nic-hdl: PL14775-RIPE
mnt-by: IP-RIPE
created: 2024-05-20T18:24:56Z
last-modified: 2024-05-20T18:24:56Z
source: RIPE # Filtered

route: 185.147.125.0/24
origin: AS49505
mnt-by: IP-RIPE
created: 2024-07-25T16:19:47Z
last-modified: 2024-07-25T16:19:47Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 1 year ago
Appeared in 7 threat reports