IPMediumSignal 76/100

`193.143.1.33`

Location

Russian Federation

Moscow, Moscow

ASN

AS198953

Proton66 OOO

First Seen

Aug 5, 2024

Last Seen

May 18, 2026

Aug 5

First Seen

678d ago

May 18

Last Seen

27d ago

Reports

source reports

76%

Confidence

medium

Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

76%

Signal Score

76 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

58 techniques

Network Information

Country

Russian Federation

RegionMoscow, Moscow

ASNAS198953

OrganizationProton66 OOO

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

20 reports76% confidence

Source reports

76%

Confidence score

Category tags

abuseabusech-threatfox-c2caccess controlaccount compromiseaccount securityactive scanactive scanningadminadministrative accessandroidandroid exploitationapacheapache attackerattackautomotive manufacturingbad reputationbankingbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute_forcebulletproof hostingc2ciscocisco asacisco devicecisco exploitationcivil servicescommand & controlcommand and controlcommunication protocolconsumer goodscowriecowrie honeypotcowrie honeypot detectioncredential accesscredential harvestingcredential stuffingcredential_accesscredit card servicescritical vulnerabilitiescve exploitationdata encryptiondata exfiltrationdata store exposureddosddos attacksdecoy systemdemodevice managementdistributed attackselectronic health recordselectronics manufacturingencryptionenterprise networkingeurope/asiaexploit activityexploit avaliableexploit campaignexploit campaignsexploit kitexploitation activityextortionfinancefinance and insurancefinancial servicesfinancial technologyftpgovernment technologyhackinghealth care and social assistancehealth information technologyhealthcare information systemshoneytrap honeypothonghospital managementidentity & access exploitationin the wildindustrial automationindustrial iotindustrial productioninformation technologyinitial accessinjection activityinternet of thingsintrusion detectioniot botnetiot securityiot/ics attackit infrastructurelamplamp stack targetedlateral movementlockbitlockbit associated activitymalicious activitymalicious activity detectedmalicious ipmalicious ip addressesmalicious softwaremalwaremanufacturing technologymass scanningmedical servicesmiraimirai botnetmobilemobile securitymobile threatnetworknetwork activitynetwork attacksnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork reconnaissancenetwork scanningnetwork securitynetwork_reconnaissanceoperating systemoperating system securitypassword attackspatient carepayment processingphishingphishing attackpotential exploitprivilege escalationprocess injectionprocess manufacturingprotocol exploitationproton66 asnproton66 ipproxypublic administrationpublic infrastructurepublic policyquality controlransomwarerdpreconnaissanceregulatory agenciesremote accessremote servicesremote services exploitationresearchedretail traderurussiarussian federationscanscannerscanningscanning activitysecurity policysftpsftp attacksftp attackssocial engineeringsoftware developmentsshssh attackssh monitoringstealcsupply chain attacksupply chain managementsystem disruptiont1005t1018t1021t1021.001t1040t1041t1046t1053t1055t1059t1059.001t1064t1068t1069.001t1071t1071.001t1076t1078t1082t1083t1088t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204t1210t1486t1490t1496t1499.001t1499.002t1499.003t1558t1563t1565t1566t1566.001t1566.002t1566.003t1567t1583t1588t1589t1590t1591t1592t1595t1595.001t1595.002t1595.003t1598t1600tcptcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventionthreatfox iocstor nodeunauthorized access attemptsundergroundunderground forumsvulnerability scanwealth managementwinwindowswordpress vulnerability

Activity Timeline

1 total obs

May 18May 18

Threat Activity Heatmap

· Peak: 2026-05-18

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

76%

Confidence

Reports

First seenAug 5, 2024

Last seenMay 18, 2026

GeolocationRU

CountryRussian Federation

LocationMoscow, Moscow

ASNAS198953

OrgProton66 OOO

Coords55.7569, 37.6151

Proxy

VirusTotal

Not checked

WHOIS

description: This is clone Mass Scanning and Exploit Campaigns
raw: inetnum: 193.143.1.0 - 193.143.1.255 netname: RU-PROTON66-20191118 country: RU org: ORG-PO84-RIPE admin-c: TD6653-RIPE tech-c: TD6653-RIPE status: ALLOCATED PA mnt-by: lir-ru-proton66-1-MNT mnt-by: RIPE-NCC-HM-MNT created: 2023-04-03T14:46:27Z last-modified: 2023-04-03T14:46:27Z source: RIPE organisation: ORG-PO84-RIPE org-name: Proton66 OOO country: RU org-type: LIR address: DISTRICT No. 54, ISKROVSKY PR-KT, D. 21, LIT. U, kv.218 address: 193230 address: ST. PETERSBURG address: RUSSIAN FEDERATION phone: +7 999 528 52 71 admin-c: TD6653-RIPE tech-c: TD6653-RIPE abuse-c: AR70098-RIPE mnt-ref: lir-ru-proton66-1-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: lir-ru-proton66-1-MNT created: 2023-03-27T12:26:54Z last-modified: 2023-03-27T12:26:54Z source: RIPE # Filtered role: Tech dept. address: RUSSIAN FEDERATION address: ST. PETERSBURG address: 193230 address: DISTRICT No. 54, ISKROVSKY PR-KT, D. 21, LIT. U, kv.218 phone: +7 999 528 52 71 nic-hdl: TD6653-RIPE mnt-by: lir-ru-proton66-1-MNT created: 2023-03-27T12:26:52Z last-modified: 2023-03-27T12:26:53Z source: RIPE # Filtered route: 193.143.1.0/24 origin: AS198953 mnt-by: lir-ru-proton66-1-MNT created: 2023-11-08T19:15:39Z last-modified: 2023-11-08T19:15:39Z source: RIPE
references: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-1-mass-scanning-and-exploit-campaigns/

`193.143.1.33`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy