Pulse Detail — Threat Intelligence

PULSE NAME

PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks

WHITE CyberHunter_NL 2025-03-03 Modified: 2025-04-29

144

IOCs

HIGH VOLUME

The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost‘ and ‘BEARHOST‘. We notably observed that both network’s configurations are almost identical in terms of peering agreements and their respective share of loads throughout time.

Indicators of Compromise (144)

All CIDR URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CIDR	185.7.214.0/24	—	2025-03-03
CIDR	193.143.1.0/24	—	2025-03-03
CIDR	194.32.236.0/24	—	2025-03-03
CIDR	213.226.123.0/24	—	2025-03-03
CIDR	45.134.26.0/24	—	2025-03-03
CIDR	45.135.232.0/24	—	2025-03-03
CIDR	45.140.17.0/24	—	2025-03-03
CIDR	5.42.199.0/24	—	2025-03-03
CIDR	91.202.233.0/24	—	2025-03-03
CIDR	91.212.166.0/24	—	2025-03-03
CIDR	91.215.85.0/24	—	2025-03-03
CIDR	92.255.57.0/24	—	2025-03-03
CIDR	92.255.85.0/24	—	2025-03-03
URL	http://5.42.199.0/24'	—	2025-03-03
URL	http://91.202.233.0/24'	—	2025-03-03
URL	http://allphaa-gr.com/assets/myAlpha.apk	—	2025-03-03
URL	http://avastcsw.com/Avastavv.apk'.	—	2025-03-03
URL	http://avastcsw.com/anydesk.dmg'	—	2025-03-03
URL	http://crome-update-gr.com/ready.apk'	—	2025-03-03
URL	http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/get_downl	—	2025-03-03
URL	http://itreshenia.ru	—	2025-03-03
URL	http://letmespellmoons.com/bg/js/stat.js/'	—	2025-03-03
URL	http://marvin-occentus.net/statistic/js/stat.js'	—	2025-03-03
URL	http://na1.net/hubfs/5556002/2022%20PDF%20Download%20Assets/ADA%20Compliant%20pdfs/Reports/PUBLIC_Gootloa	—	2025-03-03
URL	http://tter.com/I	—	2025-03-03
URL	http://www-wpx.net/assets/core.js'.	—	2025-03-03
URL	http://www.hostway.ru	—	2025-03-03
URL	https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/	—	2025-03-03
URL	https://fr.li	—	2025-03-03
URL	https://info.spamhaus.com/hubfs/Botnet%20Reports/Jan-	—	2025-03-03
URL	https://info.spamhaus.com/hubfs/Botnet%20Reports/Jan-Jun%202024%20Botnet%20Threat%20Update.pdf	—	2025-03-03
URL	https://www.energy.vic.gov.au/households/help-paying-your-energy-bills/energy-bill-relief-fund	—	2025-03-03
URL	https://www.hyas.com/blog/hyas-insight-uncovers-and-mitigates-a-russian-based-cyberattack	—	2025-03-03
domain	29395341-coinbase.com	—	2025-03-03
domain	8-bnpparibas.com	—	2025-03-03
domain	873911-coinbase.com	—	2025-03-03
domain	acist.com	—	2025-03-03
domain	alerte-bnp.com	—	2025-03-03
domain	allphaa-gr.com	—	2025-03-03
domain	api-confirmer-bnp.com	—	2025-03-03
domain	app-blastl2.com	—	2025-03-03
domain	ativar-conta.com	—	2025-03-03
domain	ausenergyrebate.com	—	2025-03-03
domain	avast-antivirus.com	—	2025-03-03
domain	avastax.com	—	2025-03-03
domain	avastcsm.com	—	2025-03-03
domain	avastcsw.com	—	2025-03-03
domain	avastcv.com	—	2025-03-03
domain	avastga.com	—	2025-03-03
domain	avastme.com	—	2025-03-03
domain	avastnw.com	—	2025-03-03
domain	avastop.com	—	2025-03-03
domain	avastpm.com	—	2025-03-03
domain	avastpn.com	—	2025-03-03
domain	avastpst.com	—	2025-03-03
domain	avastpx.com	—	2025-03-03
domain	avastpy.com	—	2025-03-03
domain	avastsf.com	—	2025-03-03
domain	avastsgp.com	—	2025-03-03
domain	avastsp.com	—	2025-03-03
domain	avastuo.com	—	2025-03-03
domain	avastvx.com	—	2025-03-03
domain	avastxo.com	—	2025-03-03
domain	avastxp.com	—	2025-03-03
domain	ayrebzignar.com	—	2025-03-03
domain	bestaetigungsverfahren.com	—	2025-03-03
domain	borgerindberetning.com	—	2025-03-03
domain	cba-support-team.com	—	2025-03-03
domain	cleanenergycommercial.com	—	2025-03-03
domain	cledigitales-bnp.com	—	2025-03-03
domain	clien-bnp.com	—	2025-03-03
domain	confirmer-bnp.com	—	2025-03-03
domain	coveragecollege.com	—	2025-03-03
domain	crome-update-gr.com	—	2025-03-03
domain	crypto-qs.com	—	2025-03-03
domain	cyberpol.net	—	2025-03-03
domain	device-authorisation.com	—	2025-03-03
domain	doggygangers.com	—	2025-03-03
domain	energy-relief-fund.com	—	2025-03-03
domain	energy-smtp-services-encrypted-redir.com	—	2025-03-03
domain	hirevalueinc.com	—	2025-03-03
domain	hostway.ru	—	2025-03-03
domain	hsbcsecure-mexico.com	—	2025-03-03
domain	islanderalumni.org	—	2025-03-03
domain	itreshenia.ru	—	2025-03-03
domain	ivgea.org	—	2025-03-03
domain	khirallahboston.com	—	2025-03-03
domain	ledger-hardware-services.com	—	2025-03-03
domain	ledger-portal.com	—	2025-03-03
domain	ledger-service-hardware.com	—	2025-03-03
domain	letmespellmoons.com	—	2025-03-03
domain	louvrebanqueprivee-moncompte.com	—	2025-03-03
domain	louvrebanqueprivee-monespace.com	—	2025-03-03
domain	macledigital-bnp.com	—	2025-03-03
domain	marvin-occentus.net	—	2025-03-03
domain	mdlgroup.com	—	2025-03-03
domain	medm.ca	—	2025-03-03
domain	mine-495834.net	—	2025-03-03
domain	mine-495834.xyz	—	2025-03-03
domain	mougin.com	—	2025-03-03
domain	mygov-inboxaus.com	—	2025-03-03
domain	mygov-security.com	—	2025-03-03
domain	mygovau-service.com	—	2025-03-03
domain	mygovaus-inbox.com	—	2025-03-03
domain	newwesttruck.ca	—	2025-03-03
domain	nkedin.co	—	2025-03-03
domain	notice-ausreport.com	—	2025-03-03
domain	notice-reportaus.com	—	2025-03-03
domain	notice-servicesaus.com	—	2025-03-03
domain	notif-bnp.com	—	2025-03-03
domain	oliverhough.io	—	2025-03-03
domain	path-coinbase.com	—	2025-03-03
domain	portal-dasfinancas.com	—	2025-03-03
domain	redir.com	—	2025-03-03
domain	rentaserv.ru	—	2025-03-03
domain	santanderhelppage.com	—	2025-03-03
domain	saratogacasino.com	—	2025-03-03
domain	scotiabank-auth.com	—	2025-03-03
domain	scotiaonline-loginscotia.com	—	2025-03-03
domain	setting.cc	—	2025-03-03
domain	sms-mougin.com	—	2025-03-03
domain	snb-olbanking.com	—	2025-03-03
domain	subrogationstrategist.com	—	2025-03-03
domain	swedbank-help.com	—	2025-03-03
domain	temporary.fail	—	2025-03-03
domain	trstwalsecu.com	—	2025-03-03
domain	trust-wallet-service.com	—	2025-03-03
domain	tsb-live-chat.com	—	2025-03-03
domain	tter.com	—	2025-03-03
domain	updatemyacc.com	—	2025-03-03
domain	validation-bnp.com	—	2025-03-03
domain	web-manage-help-secure-support.com	—	2025-03-03
domain	www-wpx.net	—	2025-03-03
email	abuse@hostway.ru	—	2025-03-03
email	dl@hostway.ru	—	2025-03-03
hostname	account.bitpanda-bestaetigungsverfahren.com	—	2025-03-03
hostname	api.alerte-bnp.com	—	2025-03-03
hostname	billing.hostway.ru	—	2025-03-03
hostname	blog.sekoia.io	—	2025-03-03
hostname	info.spamhaus.com	—	2025-03-03
hostname	pluralism.themancav.com	—	2025-03-03
hostname	www.energy.vic.gov.au	—	2025-03-03
hostname	www.hostway.ru	—	2025-03-03
hostname	www.hyas.com	—	2025-03-03

References (1)

↗ https://www.intrinsec.com/prospero-proton66-tracing-uncovering-the-links-between-bulletproof-networks/