IP · Medium · Signal 27/100
91.203.145.116
Location
Kryvyi Rih, 12
ASN
AS45045
GOODNET
First Seen
Aug 26, 2020
Last Seen
Jun 7, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
27%
Signal Score
27 / 100
IDS Rule
No
Network Information
Country: Ukraine
Region: Kryvyi Rih, 12
ASN: AS45045
Organization: GOODNET
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
Source reports: 31
Confidence score: 27%
Activity Timeline
Jun 7
Threat Activity Heatmap
Peak: 2026-06-07
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 27
Confidence: 27%
Reports: 31
First seen: Aug 26, 2020
Last seen: Jun 7, 2026
Geolocation: UA
Country: Ukraine
Location: Kryvyi Rih, 12
ASN: AS45045
Org: GOODNET
Coords: 47.9056, 33.3901
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- inetnum: 91.203.144.0 - 91.203.147.255
  netname: GOODNET-NET
  country: UA
  org: ORG-FKOO1-RIPE
  admin-c: AK5629-RIPE
  tech-c: AK5629-RIPE
  status: ASSIGNED PI
  mnt-by: GOODNET-UA-MNT
  mnt-by: RIPE-NCC-END-MNT
  mnt-routes: GOODNET-UA-MNT
  mnt-domains: GOODNET-UA-MNT
  created: 2008-04-22T12:27:01Z
  last-modified: 2016-04-14T09:35:43Z
  source: RIPE
  sponsoring-org: ORG-KNET2-RIPE

  organisation: ORG-FKOO1-RIPE
  org-name: FOP Kazakov Oleksandr Oleksandrovich
  country: UA
  org-type: OTHER
  address: Enakievo city, Repina st. 34
  address: 86420 Donetsk region
  phone: +38 (063)2945505
  fax-no: +38 (057)7120813
  abuse-c: AC30078-RIPE
  admin-c: AK5629-RIPE
  tech-c: AK5629-RIPE
  mnt-ref: GOODNET-UA-MNT
  mnt-by: GOODNET-UA-MNT
  created: 2008-04-18T16:02:03Z
  last-modified: 2022-12-01T16:25:58Z
  source: RIPE # Filtered

  person: Alex Kazakov
  address: 56, Poltavsky Shlyah str.
  phone: +3 8-063-2945505
  fax-no: +3 8-057-7120813
  nic-hdl: AK5629-RIPE
  mnt-by: GOODNET-UA-MNT
  created: 2008-03-04T13:27:34Z
  last-modified: 2017-10-30T21:59:07Z
  source: RIPE # Filtered

  route: 91.203.145.0/24
  descr: GOODNET-NET
  origin: AS45045
  mnt-by: GOODNET-UA-MNT
  created: 2008-06-10T13:14:37Z
  last-modified: 2008-06-10T13:14:37Z
  source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://check.torproject.org/torbulkexitlist, https://www.dan.me.uk/torlist/
IOC Journey
medium · First detected 5 years ago · Last seen 6 days ago
Appeared in 31 threat reports