IP · Medium · Signal 100/100
188.134.77.6
Location
St Petersburg, Sankt-Peterburg
ASN
AS41733
Interzet
First Seen
Sep 7, 2021
Last Seen
Jan 19, 2026
Reports: 21 source reports
Confidence: 99% (medium)
VirusTotal: 5/91 detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country: Russian Federation
Region: St Petersburg, Sankt-Peterburg
ASN: AS41733
Organization: Interzet
Feed Intelligence Summary
Source reports: 21
Confidence score: 99%
Category tags
abuse, abuseipdb, access, access control, account compromise, active scanning, adbhoney honeypot, apache, apache attacker, atif feed, attack, australia, auto-generated security, banlist feed, binary defense, blacklist candidate, botnet, botnet activity, brute force, brute force attack, brute force attacks, c2, cisco device, citrix exploitation attempt, citrix security, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, communication protocol, connect, cowrie, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, ddos, ddos attacks, decoy system, device management, dionaea, dionaea honeypot, dionaea interactions, distributed attacks, email, enterprise networking, enterprise security, europe/asia, exploit kit activity, ftp, ftp brute force, groups, honeytrap honeypot, indicator, infrastructure acquisitionreconnaissance, initial access, internet of things, intrusion detection, iot botnet, iot/ics attack, lamp, lamp exploitation attempts, lateral movement, mailoney honeypot, malicious activity, malicious activity detected, malicious software, malware, malware behaviour, malware capture, manual, mirai botnet, mssql, network, network attacks, network enumeration, network infrastructure, network intrusion attempts, network probe, network probing, network protocol, network scan, network scanning, network security, network service scanning, north america, oceania, password attacks, phishing, phishing attack, phishing trap, potential malware delivery, potential malware distribution, potential malware infection, process injection, protocol exploitation, protocol scanning, reconnaissance, researched, resource hijacking, rtbh, ru, russia, russian federation, scan, scanner, scanning activity, script, security policy, sentrypeer botnet, sftp, sftp activity, sftp attack, shell access attempts, sip, sip attacks, sip brute force, sip scanning, slug, smtp brute force, social engineering, ssh, ssh attack, ssh monitoring, surface web, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1040, t1041, t1046, t1053, t1055, t1059, t1059.004, t1068, t1071.001, t1077, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1199, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.003, t1562, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1583.001, t1587.001, t1588, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner interactions, tcp, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tsec, unauthorized access attempt, unauthorized access attempts, united states, voip, voip attack
Activity Timeline: Jan 19
Threat Activity Heatmap (peak: 2026-01-19)
Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 21
First seen: Sep 7, 2021
Last seen: Jan 19, 2026
Geolocation: RU
Country: Russian Federation
Location: St Petersburg, Sankt-Peterburg
ASN: AS41733
Org: Interzet
Coords: 59.8983, 30.2618
WHOIS
- description
- 2025-02-21T15:17:50.187Z Honeypot : Dionaea : Source: 188.134.77.6 : Port: 1433 Connection: {'transport': 'tcp', 'protocol': 'mssqld', 'type': 'accept'}
- raw
- inetnum: 188.134.72.0 - 188.134.79.255
  netname: INTERZET-NET2
  descr: Z-Telecom Network
  country: RU
  admin-c: RAID1-RIPE
  tech-c: RAID1-RIPE
  status: ASSIGNED PA
  mnt-by: RAID-MNT
  created: 2012-04-25T10:56:08Z
  last-modified: 2019-05-20T07:14:24Z
  source: RIPE # Filtered

  role: ER-Telecom ISP Contact Role
  address: JSC "ER-Telecom"
  address: 111, str. Shosse Kosmonavtov
  address: 614000 Perm
  address: Russian Federation
  phone: +7 342 2462233
  fax-no: +7 342 2463344
  abuse-mailbox: [email protected]
  remarks: 24/7 phone number: +7-342-2362233
  admin-c: AAS585-RIPE
  admin-c: SAWJ-RIPE
  tech-c: AAS585-RIPE
  tech-c: SAWJ-RIPE
  nic-hdl: RAID1-RIPE
  mnt-by: RAID-MNT
  created: 2005-02-11T12:50:50Z
  last-modified: 2024-07-24T09:39:40Z
  source: RIPE # Filtered

  route: 188.134.64.0/18
  descr: Interzet-net
  origin: AS41733
  mnt-by: ZTELECOM-MNT
  mnt-by: RAID-MNT
  created: 2011-03-18T14:49:57Z
  last-modified: 2015-07-09T12:43:29Z
  source: RIPE # Filtered
- references
- https://redpiranha.net
  https://github.com/telekom-security/tpotce
  https://list.rtbh.com.tr/output.txt
  https://blocklist.greensnow.co/greensnow.txt
  https://www.binarydefense.com/banlist.txt
  https://lists.blocklist.de/lists/all.txt
  https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
  https://jamesbrine.com.au/vultrparis-mssql-bruteforce-ip-list-2024-04-30/
  https://jamesbrine.com.au
  https://jamesbrine.com.au/vultrmadrid-mssql-bruteforce-ip-list-2024-04-22/
IOC Journey
medium · First detected 4 years ago · Last seen 4 months ago
Appeared in 21 threat reports