IOC Radar
IP · Medium · Signal 80/100

194.58.114.52

Location: Russian Federation (Moscow, Moscow)
ASN: AS197695 (Reg.Ru)
First Seen: Apr 15, 2026 (73d ago)
Last Seen: May 30, 2026 (28d ago)
Reports: 19 source reports
Confidence: 80% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 80%
Signal Score: 80 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 4 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Moscow
ASN: AS197695
Organization: Reg.Ru

Feed Intelligence Summary

19 source reports · 80% confidence score
Category tags: abuse, access control, active scan, active scanning, apache, apache attacker, apt, attack, bad reputation, brute force, brute-force, bruteforce, europe/asia, exploit, exploitation activity, hacking, indicator, kill-chain exploitation, kill-chain reconnaissance, low-risk, network, osint, ransomware, reconnaissance, researched, ru, russia, scanner, security policy, socradar honeypot, ssh, ssh attack, t1110.001, t1595.001, t1595.002, t1595.003, threat actor, threat prevention, tor node, tpot, vulnerability scan, vulnerability-exploitation, web app attack

Activity Timeline

1 total obs · May 30

Threat Activity Heatmap

Peak: 2026-05-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Coords: 55.8400, 37.4069

VirusTotal

Not checked

WHOIS

description
Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 194.58.114.52 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-17 01:52 and 2026-04-17 02:28 UTC.
raw

inetnum: 194.58.88.0 - 194.58.127.255
netname: RU-REGRU-940613
country: RU
org: ORG-nrRL1-RIPE
admin-c: ARP-RIPE
tech-c: ARP-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: REGRU-MNT
mnt-routes: REGRU-MNT
created: 2013-08-06T14:16:13Z
last-modified: 2016-10-06T10:07:01Z
source: RIPE # Filtered

organisation: ORG-nrRL1-RIPE
org-name: "Domain names registrar REG.RU", Ltd
country: RU
org-type: LIR
address: LENINGRADSKY PR-KT, 72, building 3,
address: 125315
address: Moscow
address: RUSSIAN FEDERATION
phone: +74955801111
admin-c: RGRU-RIPE
mnt-ref: REGRU-MNT
mnt-ref: AS2118-MNT
mnt-ref: ROSNIIROS-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: REGRU-MNT
abuse-c: RGRU-RIPE
created: 2011-02-21T11:14:37Z
last-modified: 2026-02-16T10:51:10Z
source: RIPE # Filtered

person: Pavel Arbuzov
address: house 3, Vassily Petushkov str., Moscow, Russia, 125476
phone: +74955140573
nic-hdl: ARP-RIPE
mnt-by: REGRU-MNT
created: 2011-02-24T13:00:30Z
last-modified: 2011-02-24T13:00:30Z
source: RIPE # Filtered

route: 194.58.114.0/24
descr: Reg.Ru
origin: AS197695
mnt-by: REGRU-MNT
created: 2015-02-19T06:28:47Z
last-modified: 2015-02-19T06:28:47Z
source: RIPE

IOC Journey

medium
First detected 2 months ago · Last seen 28 days ago
Appeared in 19 threat reports