CVSS 8.0 HIGH 🔴 ACTIVELY EXPLOITED Vulnerability

CVE-2017-17215: A week after Dutch FIOD seized 800+ servers, the hosting network's ASN (AS209847) is stil…


CVSS Score: 8.0
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2017-17215
Vendor: reddit_netsec
Affected Product: Threat Intelligence
Vulnerability Type: Vulnerability
CVSS Score: 8.0 (HIGH)
Actively Exploited: ✅ Yes
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via reddit_netsec)

🔬 Technical Analysis

After FIOD seized 800+ servers and arrested two operators on May 18, the ELLIO research team reports that scanning from the network's ASN ranges has continued largely uninterrupted - and that while roughly a third of the recently-active ranges (including the legacy Stark blocks 94.131.105.0/24 and 92.118.232.0/24) have since been withdrawn from global routing, the surviving ranges under AS209847 (WorkTitans / THE.Hosting) are still announced and still scanning, at the network's normal daily rate.

The sibling ASNs (AS213999 and the Moscow-based AS33993) remain routed and idle.

The recent activity skews toward database and ICS/SCADA discovery - MongoDB, Redis, PostgreSQL, Ora

🎯 Known Indicators of Compromise

