IOC Radar
IP · Medium · Signal 79/100

193.143.1.78

Location
Russian Federation
Moscow, Sankt-Peterburg
ASN
AS198953
Proton66 OOO
First Seen
Jan 10, 2025
Last Seen
May 18, 2026
First Seen: Jan 10 (519d ago)
Last Seen: May 18 (26d ago)
Reports: 18 source reports
Confidence: 79% (medium)
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context

Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 67 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Sankt-Peterburg
ASN: AS198953
Organization: Proton66 OOO

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 18
Confidence score: 79%
Category tags
abuse, access control, active scan, active scanning, adb, adb protocol, adbhoney honeypot, and exploitation attempts, android, android device attacks, android exploitation, attack, australia, automated attack, automated attacks, automated-attack, automotive manufacturing, bad reputation, bad web bot, banking, blacklist ip, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, brute_force, bulletproof hosting, c2 channel, cisco, cisco asa, cisco device, cisco device attacks, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco-device-targeting, civil services, code execution, command & control, command and control, command execution, command injection, communication protocol, compromised credentials, compromised hosts, compromised systems, conpot, conpot honeypot, consumer goods, cowrie, cowrie activity, cowrie honeypot, cowrie logs, cowrie ssh honeypot, credential access, credential attack, credential brute force, credential harvesting, credential stuffing, credential-stuffing, credential_access, credit card services, critical vulnerabilities, cve exploitation, data encryption, data exfiltration, data store exposure, database access attempt, database attacks, database intrusion attempt, database security, ddos, ddos attack, ddos attack indicators, ddos attacks, decoy system, demo, denial of service, device management, dionaea, dionaea honeypot, dionaea logs, dionaea payloads, directory traversal, distributed attacks, dns, dns attack, electronic health records, electronics manufacturing, email, encryption, enterprise networking, europe/asia, exploit, exploit activity, exploit avaliable, exploit campaign, exploit campaigns, exploit kit, exploit kit activity, exploit public-facing application, exploit_attempts, exploitation, exploitation activity, exploitation attempt, exploited host, extortion, fatt, fatt detections, finance, finance and insurance, financial services, financial technology, ftp, ftp attacks, ftp brute force, generic exploit, government technology, hacking, health care and social assistance, health information technology, healthcare information systems, honeytrap events, honeytrap honeypot, hong, hospital management, http brute force, http scanner, https, ics, ics attacks, ics security, ics/scada attacks, ics/scada systems, identity & access exploitation, in the wild, indicator, industrial automation, industrial control systems, industrial iot, industrial production, information technology, initial access, initial access attempt, initial_access, injection activity, injection attacks, internet of things, internet-facing, intrusion detection, ioc, iot attacks, iot botnet, iot security, iot systems, iot targeted, iot/ics attack, it infrastructure, lamp, lamp exploitation, lamp server attack, lamp server targeting, lamp stack targeting, lamp vulnerability scan, lateral movement, linux-server-attack, linux-server-targeting, lockbit, lockbit associated activity, mailoney events, mailoney honeypot, malicious activity, malicious ip, malicious ip addresses, malicious payload, malicious scan, malicious software, malicious traffic, malicious-login-attempts, malware, malware behaviour, malware capture, malware communication, malware delivery, malware delivery attempt, malware distribution, malware propagation, manufacturing technology, mass scanning, medical services, mirai, mirai botnet, mobile, mobile security, mobile threat, modbus, modbus attacks, modbus protocol, multi-protocol network scanning, network, network activity, network attacks, network device attacks, network devices, network infection, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network_device, network_reconnaissance, north america, oceania, os command injection, ot attacks, p0f, p0f signatures, password attack, password attacks, password spraying, patient care, payment processing, phishing, phishing attack, phishing trap, port-scanning, possible malware distribution, potential intrusion, process injection, process manufacturing, protocol exploitation, protocol-abuse, proton66 asn, proton66 ip, proxy, proxy protocol, public administration, public infrastructure, public policy, quality control, ransomware, ransomware activity, reconnaissance, reconnaissance activity, reconnaissance-activities, redis honeypot, redishoneypot, regulatory agencies, remote access, remote services, remote services exploitation, researched, resource hijacking, retail trade, ru, russia, russian federation, s7comm, s7comm attacks, s7comm protocol, scan, scanner, scanning, scanning activity, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer events, service discovery, service scan, sftp, sftp access attempt, sftp attack, sftp attempts, sftp protocol, sftp-attack, sftp-bruteforce, sip, sip attacks, sip brute force, sip protocol, sip scanning, sip-scanning, smb attacks, smb brute force, smtp, smtp brute force, social engineering, socradar honeypot, software development, software exploitation, spam, sql injection attempts, ssh, ssh attack, ssh monitoring, ssh protocol, ssh-brute-force, supply chain attack, supply chain management, suricata alerts, syn scan, system disruption, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1041, t1046, t1053, t1055, t1056, t1059, t1059.003, t1059.004, t1064, t1068, t1071, t1071.001, t1076, t1077, t1078, t1082, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1558, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1567, t1573, t1583, t1588, t1589, t1590, t1591, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598, t1600, tanner, tanner events, targeting database, tcp, tcp protocol, tcp scan, tcp scanning, telecommunications, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp scan, unauthorized access attempts, unauthorized login, unauthorized-access-attempt, underground, underground forums, united states, unknown threat actor, voip, voip attack, voip attacks, vulnerability scan, wealth management, web application attack, web application attacks, web application scanning, web attacks, web exploitation, web server attacks, web servers, web spam, web traffic, web-application-attack, web-application-attacks, web_application, wordpress vulnerability

Activity Timeline

1 total observation (May 18 to May 18)

Threat Activity Heatmap

[Heatmap: weekly activity grid, Mon/Wed/Fri rows, Jun through the following Jun] · Peak: 2026-05-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (79, SIGNAL)
Signal Score: 79%
Confidence: 79%
Reports: 18
First seen: Jan 10, 2025
Last seen: May 18, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Sankt-Peterburg
ASN: AS198953
Org: Proton66 OOO
Coords: 55.7483, 37.6171
Category: Proxy

VirusTotal

Not checked

WHOIS

description
This is clone Mass Scanning and Exploit Campaigns
raw
inetnum: 193.143.1.0 - 193.143.1.255
netname: RU-PROTON66-20191118
country: RU
org: ORG-PO84-RIPE
admin-c: TD6653-RIPE
tech-c: TD6653-RIPE
status: ALLOCATED PA
mnt-by: lir-ru-proton66-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2023-04-03T14:46:27Z
last-modified: 2023-04-03T14:46:27Z
source: RIPE

organisation: ORG-PO84-RIPE
org-name: Proton66 OOO
country: RU
org-type: LIR
address: DISTRICT No. 54, ISKROVSKY PR-KT, D. 21, LIT. U, kv.218
address: 193230
address: ST. PETERSBURG
address: RUSSIAN FEDERATION
phone: +7 999 528 52 71
admin-c: TD6653-RIPE
tech-c: TD6653-RIPE
abuse-c: AR70098-RIPE
mnt-ref: lir-ru-proton66-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-ru-proton66-1-MNT
created: 2023-03-27T12:26:54Z
last-modified: 2023-03-27T12:26:54Z
source: RIPE # Filtered

role: Tech dept.
address: RUSSIAN FEDERATION
address: ST. PETERSBURG
address: 193230
address: DISTRICT No. 54, ISKROVSKY PR-KT, D. 21, LIT. U, kv.218
phone: +7 999 528 52 71
nic-hdl: TD6653-RIPE
mnt-by: lir-ru-proton66-1-MNT
created: 2023-03-27T12:26:52Z
last-modified: 2023-03-27T12:26:53Z
source: RIPE # Filtered

route: 193.143.1.0/24
origin: AS198953
mnt-by: lir-ru-proton66-1-MNT
created: 2023-11-08T19:15:39Z
last-modified: 2023-11-08T19:15:39Z
source: RIPE
references
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-1-mass-scanning-and-exploit-campaigns/
https://redpiranha.net
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 26 days ago
Appeared in 18 threat reports