IOC Radar
IP · Medium · Signal 52/100

109.172.54.44

Location
Finland
Helsinki, VOR
ASN
AS215540
OY Creanova Hosting Solutions LTD
First Seen
Jul 3, 2025
Last Seen
Mar 31, 2026
Reports: 14 source reports
Confidence: 52% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

84 techniques

Network Information

Country: FI (Finland)
Region: Helsinki, VOR
ASN: AS215540
Organization: OY Creanova Hosting Solutions LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 14
Confidence score: 52%
Category tags

Activity Timeline

1 total observation (Mar 31)

Threat Activity Heatmap

[Heatmap: daily activity by weekday, June through June · Peak: 2026-03-31]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 14
First seen: Jul 3, 2025
Last seen: Mar 31, 2026
Geolocation: FI
Country: Finland
Location: Helsinki, VOR
ASN: AS215540
Org: OY Creanova Hosting Solutions LTD
Coords: 51.6664, 39.1700
Proxy

VirusTotal

Not checked

WHOIS

description
IPV4 hosts detected attempting to brute force Redis on private honeypot
references
https://redpiranha.net, https://jamesbrine.com.au/vultrwarsaw-redis-bruteforce-ip-list-2025-08-30/, https://jamesbrine.com.au, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://jamesbrine.com.au/vultrparis-redis-bruteforce-ip-list-2025-08-22/, https://jamesbrine.com.au/vultrwarsaw-redis-bruteforce-ip-list-2025-09-13/

IOC Journey

medium
First detected 11 months ago · Last seen 2 months ago
Appeared in 14 threat reports