IP · Medium · Signal 80/100
176.120.22.240
Location
St Petersburg, St.-Petersburg
ASN
AS198953
Proton66 OOO
First Seen
Feb 1, 2026
Last Seen
Jun 10, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Russian Federation
Region: St Petersburg, St.-Petersburg
ASN: AS198953
Organization: Proton66 OOO
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
22 reports · 80% confidence
22
Source reports
80%
Confidence score
Category tags
Activity Timeline
Jun 10 · Jun 10
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 22
First seen: Feb 1, 2026
Last seen: Jun 10, 2026
Geolocation: RU
Country: Russian Federation
Location: St Petersburg, St.-Petersburg
ASN: AS198953
Org: Proton66 OOO
Coords: 59.9311, 30.3609
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
IOC Journey
medium · First detected 4 months ago · Last seen 1 day ago
Appeared in 22 threat reports