IOC Radar
IPMediumSignal 70/100

95.221.209.120

Location
Russian FederationRussian Federation
Moscow, Moscow Oblast
ASN
AS12714
Net By Net Holding LLC
First Seen
Sep 22, 2025
Last Seen
Apr 29, 2026
Sep 22
First Seen
265d ago
Apr 29
Last Seen
46d ago
8
Reports
source reports
70%
Confidence
medium
4/91
VirusTotal
detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

10 techniques

Network Information

CountryRURussian Federation
RegionMoscow, Moscow Oblast
ASNAS12714
OrganizationNet By Net Holding LLC

Feed Intelligence Summary

8 reports70% confidence
8
Source reports
70%
Confidence score
Category tags
abuseactive scanactive scanningbad reputationbad web botbotnet activitybrute forcebrute force attackbrute force attackercredential accesscredential stuffingddosdenial of servicedigital oceaneurope/asiaexploitation activityexploited hosthackingidentity & access exploitationindicatornetworkpassword attacksportscanreconnaissanceresearchedrurussiascannerscannersservice scanssht1110.001t1110.002t1110.003t1110.004t1190t1203t1499.001t1595.001t1595.002t1595.003web app attackweb application attackweb exploitation

Activity Timeline

1 total obs
Apr 29Apr 29

Threat Activity Heatmap

· Peak: 2026-04-29
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
70
SIGNAL
Signal Score
70%
Confidence
8
Reports
First seenSep 22, 2025
Last seenApr 29, 2026
GeolocationRU
CountryRussian Federation
LocationMoscow, Moscow Oblast
ASNAS12714
OrgNet By Net Holding LLC
Coords56.0271, 37.4679

VirusTotal

4/ 91vendors flagged
4% detection rateJun 4, 2026

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 95.221.32.0 - 95.221.255.255 netname: RU-TI-BB-20160221-32 descr: Net By Net Holding LLC org: ORG-TL8-RIPE country: RU language: RU admin-c: TI805-RIPE tech-c: TI805-RIPE status: ASSIGNED PA mnt-by: TI-MNT mnt-domains: TI-MNT mnt-lower: TI-MNT mnt-routes: TI-MNT created: 2022-05-23T10:39:40Z last-modified: 2022-05-23T10:39:40Z source: RIPE # Filtered organisation: ORG-TL8-RIPE org-name: Net By Net Holding LLC country: RU org-type: OTHER address: Oruzhejnyj pereulok, 41 address: 127006 address: Moscow address: RUSSIAN FEDERATION phone: +74959802800 fax-no: +74957404811 admin-c: ZK-RIPE admin-c: NP4378-RIPE admin-c: KS8124-RIPE admin-c: PP13917-RIPE admin-c: TI805-RIPE abuse-c: TI844-RIPE mnt-ref: TI-MNT mnt-by: TI-MNT created: 2004-04-17T11:59:52Z last-modified: 2022-11-24T11:19:12Z source: RIPE # Filtered role: TI RIPE Team org: ORG-TL8-RIPE address: PJSC MegaFon address: Moscow, Russia, 127006 address: Oruzhejnyj pereulok, 41 remarks: ***************************************** remarks: Please send abuse reports to [email protected] ONLY remarks: Abuse reports sent to other email will be SILENTLY DISCARDED remarks: ***************************************** abuse-mailbox: [email protected] phone: +7 495 980 2800 fax-no: +7 495 740 4811 admin-c: AK22538-RIPE tech-c: ZK-RIPE nic-hdl: TI805-RIPE mnt-by: TI-MNT created: 2012-11-02T11:54:10Z last-modified: 2023-04-12T10:32:12Z source: RIPE # Filtered route: 95.221.0.0/16 descr: TI route block origin: AS12714 mnt-by: TI-MNT created: 2009-03-09T12:21:01Z last-modified: 2009-03-09T12:21:01Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 8 months ago · Last seen 1 month ago
Appeared in 8 threat reports