IOC Radar
IP · Medium · Signal 41/100

217.114.43.119

Location: Russian Federation (Moscow, Moscow)
ASN: AS210546 (Natalia Aleksandrovna Petrova)
First Seen: May 13, 2025 (394d ago)
Last Seen: Jun 2, 2026 (9d ago)
Reports: 18 source reports
Confidence: 41% (medium)
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 41%
Signal Score: 41 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Moscow
ASN: AS210546
Organization: Natalia Aleksandrovna Petrova

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 18
Confidence score: 41%
Category tags
abuse, access control, active scan, active scanning, apache, apache attacker, apt, attack, bad reputation, bad web bot, blacklist candidate, blacklist ip, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute-force, c2, command & control, command and control, command execution, communication protocol, compromised hosts, credential access, credential stuffing, data encryption, data exfiltration, data store exposure, database exploitation, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, dhcp, dhcp scan, distributed attacks, elasticsearch, elasticsearch scan, encryption, europe, europe/asia, exploitation activity, exploited host, finland, france, ftp, ftp brute force, ftp brute-force, germany, hacking, honeynet connect, http brute force, http flood, http scanner, identity & access exploitation, imap, imap scan, indicator, information gathering, injection activity, injection attacks, internet of things, intrusion detection, iot botnet, iot security, iot/ics attack, lateral movement, ldap, ldap scan, login attempt, malicious activity, malicious ips, malicious scan, malicious software, malware, memcached scan, mirai botnet, mssql, mssql scan, network, network attacks, network enumeration, network intrusion, network intrusion attempt, network monitoring, network protocol, network reconnaissance, network scanning, network security, north america, ntp, ntp scan, open proxy, oracle, oracle scan, password attack, password attacks, poland, postgresql scan, process injection, protocol exploitation, proxy, proxy protocol, ransomware, reconnaissance, reconnaissance activity, redis scan, remote access, remote services, researched, ru, russia, russian federation, scan, scanner, scanning activity, security policy, server exploitation, service probing, smb brute force, smb scan, smtp brute force, snmp scan, socks5, socks5 scan, socradar honeypot, spam, sql injection, ssh attack, syn flood, t1016, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1210, t1486, t1496, t1497.001, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp protocol, tcp scan, telnet threat, threat actor, threat intelligence, threat prevention, tor node, udp scan, unauthorized access attempt, united states, vnc protocol, vnc scan, web app attack, web application attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs · Jun 2

Threat Activity Heatmap

[Heatmap: daily activity by weekday, Jun through Jun] Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 41
Confidence: 41%
Reports: 18
First seen: May 13, 2025
Last seen: Jun 2, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moscow
ASN: AS210546
Org: Natalia Aleksandrovna Petrova
Coords: 0.0000, 0.0000
Proxy

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 8080 HTTP and PROXY. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 217.114.43.0 - 217.114.43.254
netname: AS199785-RU-iPv4
country: RU
org: ORG-CHSN1-RIPE
admin-c: CHSN1-RIPE
tech-c: CHSN1-RIPE
status: ASSIGNED PA
mnt-by: CLOUD-HOSTING-SOLUTIONS-MNT
created: 2023-03-07T23:27:25Z
last-modified: 2023-03-07T23:27:25Z
source: RIPE

organisation: ORG-CHSN1-RIPE
org-name: Cloud Hosting Solutions, Limited.
country: GB
org-type: OTHER
address: 71-75, Shelton Street
address: WC2H 9JQ
address: London
address: UNITED KINGDOM
admin-c: CHSN1-RIPE
abuse-c: CHSN1-RIPE
tech-c: CHSN1-RIPE
mnt-ref: STANDART-MNT
mnt-ref: RICK-MNT
mnt-ref: interlir-mnt
mnt-ref: NIR-MNT
mnt-ref: NA-MNT
mnt-ref: CLOUD-HOSTING-SOLUTIONS-MNT
mnt-ref: lir-us-acedatacenter-1-MNT
mnt-ref: MNT-NETERRA
mnt-ref: LV-VERNET-HM-MNT
mnt-by: CLOUD-HOSTING-SOLUTIONS-MNT
created: 2023-02-14T15:01:24Z
last-modified: 2024-12-02T08:51:44Z
source: RIPE # Filtered

role: Cloud Hosting Solutions NOC
address: 71-75, Shelton Street
address: WC2H 9JQ
address: London
address: UNITED KINGDOM
abuse-mailbox: [email protected]
nic-hdl: CHSN1-RIPE
mnt-by: CLOUD-HOSTING-SOLUTIONS-MNT
created: 2023-02-14T14:55:10Z
last-modified: 2023-02-14T15:00:21Z
source: RIPE # Filtered

route: 217.114.43.0/24
origin: AS199785
mnt-by: CLOUD-HOSTING-SOLUTIONS-MNT
created: 2023-02-21T17:55:56Z
last-modified: 2023-03-07T23:23:16Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 18 threat reports