IOC Radar
IP · Medium · Signal 39/100

193.143.1.30

Location
Russian Federation
Moscow, MOW
ASN
AS198953
Proton66 OOO
First Seen
Aug 2, 2025 (324d ago)
Last Seen
May 26, 2026 (26d ago)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

Country: RU, Russian Federation
Region: Moscow, MOW
ASN: AS198953
Organization: Proton66 OOO

IP Category

VPN
VPN exit node

Feed Intelligence Summary

9 source reports · 39% confidence score
Category tags
abuse, access control, account compromise, account security, active scan, active scanning, admin, administrative access, api services, attack, australia, automated_attacks, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, brute-force, brute_force, cisco, cisco asa, cisco asa targeted, cisco device, cisco_devices, command and control, command injection, communication protocol, content delivery, cowrie, cowrie honeypot, cowrie ssh attacks, credential access, credential attack, credential stuffing, credential theft, credential_access_attempts, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, device management, dionaea, dionaea honeypot, distributed attacks, dns, dns attack, encryption, enterprise networking, europe/asia, exploit, exploit attempts, exploitation activity, exploitation attempt, exploitation attempts, exploited host, fatt, firewall event, ftp, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, indicator, initial access, injection activity, injection attacks, internet of things, internet-facing, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, ipv4, ipv4 address, lamp, lamp server attacks, lamp stack targeting, lateral movement, linux_servers, login attempts, mailoney honeypot, malicious activity, malicious ip, malicious network activity, malicious software, malware, malware behaviour, malware capture, mirai, mirai botnet, monthly, network, network attacks, network devices, network infrastructure, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, oceania, operating system, operating system security, p0f, password attacks, perimeter devices, phishing, phishing attack, phishing trap, possible credential stuffing, possible reconnaissance, potential exploit, potential lateral movement, potential vulnerability scan, privilege escalation, process injection, protocol exploitation, ransomware, rdp, reconnaissance, remote access, remote service exploitation, remote services, researched, resource hijacking, ru, russia, russian federation, scan, scanner, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, sftp, sftp access attempt, sftp attacks, sftp probing, sip, sip scanning, smtp, smtp brute force, spam, ssh, ssh attack, ssh monitoring, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1053, t1055, t1059, t1059.003, t1059.007, t1069.001, t1071, t1071.001, t1076, t1077, t1078, t1088, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1563, t1565, t1566, t1589, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, traffic analysis, unauthorized access, unauthorized access attempt, unauthorized access attempts, voip, voip attack, vpn, vpn ip, vulnerability scan, web apis, web application attack, web applications, web attack, web development, web exploitation, web hosting, web infrastructure, web services, web spam, web technologies, web traffic, web_attacks, win, windows

Activity Timeline

1 total obs
May 26

Threat Activity Heatmap

Peak: 2026-05-26
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 9
First seen: Aug 2, 2025
Last seen: May 26, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, MOW
ASN: AS198953
Org: Proton66 OOO
Coords: 55.7483, 37.6171
VPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 193.143.1.0 - 193.143.1.255
netname: RU-PROTON66-20191118
country: RU
org: ORG-PO84-RIPE
admin-c: TD6653-RIPE
tech-c: TD6653-RIPE
status: ALLOCATED PA
mnt-by: lir-ru-proton66-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2023-04-03T14:46:27Z
last-modified: 2023-04-03T14:46:27Z
source: RIPE

organisation: ORG-PO84-RIPE
org-name: Proton66 OOO
country: RU
org-type: LIR
address: DISTRICT No. 54, ISKROVSKY PR-KT, D. 21, LIT. U, kv.218
address: 193230
address: ST. PETERSBURG
address: RUSSIAN FEDERATION
phone: +7 999 528 52 71
admin-c: TD6653-RIPE
tech-c: TD6653-RIPE
abuse-c: AR70098-RIPE
mnt-ref: lir-ru-proton66-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-ru-proton66-1-MNT
created: 2023-03-27T12:26:54Z
last-modified: 2023-03-27T12:26:54Z
source: RIPE # Filtered

role: Tech dept.
address: RUSSIAN FEDERATION
address: ST. PETERSBURG
address: 193230
address: DISTRICT No. 54, ISKROVSKY PR-KT, D. 21, LIT. U, kv.218
phone: +7 999 528 52 71
nic-hdl: TD6653-RIPE
mnt-by: lir-ru-proton66-1-MNT
created: 2023-03-27T12:26:52Z
last-modified: 2023-03-27T12:26:53Z
source: RIPE # Filtered

route: 193.143.1.0/24
origin: AS198953
mnt-by: lir-ru-proton66-1-MNT
created: 2023-11-08T19:15:39Z
last-modified: 2023-11-08T19:15:39Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 10 months ago · Last seen 26 days ago
Appeared in 9 threat reports