IOC Radar
IP · Medium · Signal 56/100

5.101.64.6

Location: St Petersburg, St.-Petersburg, Russian Federation
ASN: AS34665 (PIN DC)
First Seen: Jun 17, 2025 (367d ago)
Last Seen: Jun 19, 2026 (today)
Reports: 29 source reports
Confidence: 56% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 56%
Signal Score: 56 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 126 techniques

Network Information

Country: RU (Russian Federation)
Region: St Petersburg, St.-Petersburg
ASN: AS34665
Organization: PIN DC

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

29 reports · 56% confidence
Source reports: 29
Confidence score: 56%
Category tags:
4.2.2 · abuse · abuseipdb · access attempts · access control · account compromise · account security · active reconnaissance · active scan · active scanning · adb · adb attacks · adb protocol · adb_protocol · adbhoney activity · adbhoney attack · adbhoney attacks · adbhoney detection · adbhoney exploits · adbhoney honeypot · admin · administrative access · agent · alert · and exploitation attempts · android device attacks · anomalous network connections · apache · apache attacker · api services · application layer protocol · apt · asia · attack · attack attempt · attack pattern · attack source · attack source ip · attacker ip · attacker ip addresses · attacker ips · attacker-ip · australia · authentication · authentication abuse · authentication attack · authentication attacks · authentication attempt · authentication attempts · authentication brute force · authentication failure · authentication-attempts · authentication_failures · auto-blocked · auto-generated · auto-updated · automated attack · automated attacks · automated threat · automated-attack · automated_attack · automated_attacks · bad reputation · bad web bot · belgium · blacklist ip · block list · block.txt · blocked-ips · blocklist_all · blog spam · botnet · botnet activity · botnet-activity · brand weaponization · brazil · brute force · brute force attack · brute force attacker · brute force attacks · brute force attempt · brute force attempts · brute-force · brute-force attack · brute-force-attack · brute_force · brute_force_attack · brute_force_attempt · bruteforce · c2 · c2 communication · c2 server · canada · china · china mobile · cins active · cisco asa · cisco attack · cisco attacks · cisco brute force · cisco device · cisco device attack · cisco device attacks · cisco device targeting · cisco exploit · cisco exploit attempt · cisco exploit attempts · cisco exploitation · cisco exploitation attempt · cisco exploitation attempts · cisco protocol attacks · cisco_devices · cisco_exploit · cloud environment · cloud infrastructure · cloud infrastructure attack · cloud infrastructure target · cloud services · code execution · columns · command & control · command and control · command execution · command injection · command injection attempt · communication protocol · company limited · compromised credentials · compromised credentials attempt · compromised host · compromised hosts · compromised system attempt · compromised system detection · compromised systems · config manipulation · configuration modification · connect scan · conpot activity · conpot attack · conpot attacks · conpot exploitation attempt · conpot honeypot · conpot interaction · container security · content delivery · cowrie · cowrie activity · cowrie attack · cowrie attacks · cowrie data · cowrie detection · cowrie emulation · cowrie honeypot · cowrie honeypot data · cowrie honeypot detection · cowrie interaction · cowrie interactions · cowrie logs · cowrie ssh attack · cowrie ssh attacks · cowrie ssh honeypot · cowrie_attack · credential access · credential access attempts · credential attack · credential attacks · credential brute force · credential brute-forcing · credential compromise · credential compromise attempt · credential exploitation · credential guessing · credential harvesting · credential stuffing · credential-harvesting · credential-stuffing · credential_access · credential_access_attempts · credential_attack · credential_guessing · credential_stuffing · cron injection · cryptocurrency · cryptocurrency threats · cryptojacking · curl · cyber threats · daily_sources · data encryption · data exfiltration · data exfiltration attempt · data source discovery · data store exposure · data theft · database access attempt · database attack · database attacks · database brute force · database enumeration · database exploitation attempts · database intrusion attempt · database login attempt · database probing · database scan · database security · database servers · database services · database-server · dcerpc · ddos · ddos attack · ddos attacks · ddos probe · ddos reflection · ddospot · decoy system · denial of service · denial-of-service attempt · denmark · device management · dictionary attack · dictionary_attack · digital ocean · digitalocean environment · digitalocean infrastructure · digitalocean ips · dionaea · dionaea activity · dionaea attack · dionaea attacks · dionaea capture · dionaea detection · dionaea honeypot · dionaea interactions · dionaea logs · dionaea malware collection · dionaea malware sample · dionaea malware samples · dionaea malware trap · dionaea payloads · directory traversal · directory traversal attempt · distributed attacks · dns · dns attack · docker · dshield block · elasticpot honeypot · elasticsearch · elasticsearch monitoring · electronic health records · emerging threats · encryption · enterprise networking · enumeration · env-hunting · et drop · europe · europe/asia · executable file · exfiltration · exploit · exploit attempt · exploit attempts · exploit probing · exploit public-facing application · exploit targeting · exploit_attempt · exploit_attempts · exploitation · exploitation activity · exploitation attempt · exploitation attempts · exploitation of vulnerability · exploitation_attempt · exploited host · export-to-otx · exposed services · external access attempts · external attack · external remote services · external threat · external-threat · external_threat · extortion · failed login · failed login attempts · fatt · fatt detections · fatt signatures · file · fin scan · finance · financial services · finland · france · fraud voip · ftp · ftp attack · ftp attacks · ftp brute force · ftp brute-force · ftp scan · ftp scanning · ftp_bruteforce · ftp_protocol · galah · generic exploit · germany · github · glutton · gopot · hacking · health care and social assistance · health information technology · healthcare information systems · hellpot · heralding activity · heralding behavior · heralding scan · herolding attacks · hk abusehandler · honeynet connect · honeypot 24h activity · honeytrap activity · honeytrap data · honeytrap events · honeytrap exploit attempts · honeytrap honeypot · honeytrap interactions · hong kong · hospital management · http attack · http brute force · http probing · http request anomalies · http scanner · http scanning · http/https · http/s · http_protocol · https · https probing · https scanning · hurricane us · iceland · icmp · ics · ics attacks · ics security · ics/scada attacks · ics/scada systems · identity & access exploitation · imap · imap attack · india · indicators of compromise · indonesia · industrial control systems · information gathering · information technology · infostealer · infrastructure attack · infrastructure reconnaissance · infrastructure scanning · infrastructure targeting · initial access · initial access attempt · initial access preparation · initial access vector · initial_access · injection activity · injection attacks · internet facing · internet facing assets · internet of things · internet wide scan · internet-facing · internet-facing service · internet-facing services · internet-wide scan · internet_scanners · internet_wide_scan · intrusion detection · invalid credentials · ioc · iocs · iot attacks · iot botnet · iot device · iot device attacks · iot exploitation attempts · iot security · iot systems · iot targeted · iot/ics attack · ip-address-ioc · ipp_protocol · ipphoney activity · ipphoney honeypot · ipv4 · ipv4 address · ipv4 attacks · ipv4 port scanning · ipv4 scanning · ipv4 threats · ipv4-ioc · ipv4_address · ipv4_indicators · ireland · isp-reputation · it infrastructure · italy · japan · jordan · kibana · korea, republic of · kyrgyzstan · lamp · lamp attack · lamp attacks · lamp exploit · lamp exploit attempt · lamp exploit attempts · lamp exploitation · lamp exploitation attempt · lamp exploitation attempts · lamp server attack · lamp server targeting · lamp stack · lamp stack attack · lamp stack attacks · lamp stack exploitation · lamp stack targeted · lamp stack targeting · lamp vulnerability exploitation · lamp vulnerability scan · lamp_exploit · lateral movement · lateral_movement · lcia · liechtenstein · linux malware · linux server · linux servers · linux system targeting · linux systems · linux targets · linux-server-attack · linux-server-attacks · linux-system · linux_server_attacks · linux_servers · listed source · lithuania · log4pot · login attack · login attempt · login attempts · login_attempt · london · mailoney activity · mailoney attack · mailoney detection · mailoney events · mailoney honeypot · mailoney interactions · malaysia · malicious activity · malicious activity detected · malicious code detection · malicious email · malicious email activity · malicious email detection · malicious file transfer · malicious ip · malicious ip activity · malicious ip addresses · malicious ip list · malicious ips · malicious ipv4 · malicious login · malicious network activity · malicious payload · malicious payload attempts · malicious payload detection · malicious scan · malicious script execution · malicious sftp activity · malicious software · malicious software detection · malicious software targeting · malicious ssh activity · malicious traffic · malicious-activity · malicious-login-attempts · malware · malware analysis · malware behaviour · malware capture · malware delivery · malware delivery attempt · malware delivery attempts · malware detection · malware distribution · malware download · malware download attempts · malware propagation · malware staging · malware_activity · malware_detection · malware_distribution_attempt · medical services · medpot · melbourne region · mexico · mirai · mirai botnet · misp · mitre-attack · mobile threat · modbus · modbus attacks · modbus protocol · module loading · monthly · mssql · mssql brute force · multi-protocol network scanning · multiple port scan · mysql brute force · netherlands · network · network activity · network attacks · network device · network device attacks · network device probing · network devices · network discovery · network enumeration · network exploitation · network infrastructure · network intrusion · network intrusion attempt · network intrusion attempts · network intrusion detection · network intrusions · network port scanning · network probe · network probing · network protocol · network recon · network reconnaissance · network scan · network scanning · network scanning activity · network security · network service discovery · network service scanning · network services · network traffic analysis · network-based attack attempts · network-device · network-devices · network-discovery · network_activity · network_device · network_discovery · network_probing · network_reconnaissance · network_scan · networkscanning · nginx · north america · norway · null scan · oceania · open port detection · open proxy · opencanary · opencti · operating system · operating system security · opportunistic attack · opportunistic attacker · opportunistic attacks · os command injection · os credential dumping · ot attacks · p0f · p0f network fingerprinting · p0f os fingerprinting · p0f passive fingerprinting · p0f signatures · paris · password attack · password attacks · password cracking · password spraying · password-guessing · password_attack · password_guessing · patient care · pattern-32 · pattern-38 · pgp sign · phishing · phishing attack · phishing trap · php injection attempts · ping · ping of death · poland · poor reputation · port · port-scanning · portscan · possible botnet activity · possible credential reuse · possible exploit attempt · possible malware activity · possible malware deployment · possible malware distribution · possible malware propagation · possible reconnaissance · possible reconnaissance activity · possible vulnerability exploitation · potential botnet activity · potential compromise · potential credential compromise · potential credential stuffing · potential credential theft · potential data exfiltration · potential exploit · potential exploit activity · potential intrusion · potential intrusion attempt · potential malicious activity · potential malware delivery · potential malware distribution · potential malware upload · potential reconnaissance · potential threat actor · potential vulnerability exploitation · potential vulnerability probing · potential vulnerability scan · privilege escalation · process injection · proto · protocol abuse · protocol exploitation · protocol-abuse · proxy · proxy access · proxy protocol · public-facing application · publicly accessible infrastructure · ransomware · raspberry-pi · rce · rdp · rdp attacks · rdp scanning · reconnaissance · reconnaissance activity · redis · redis attacks · redis exploitation · redis honeypot · redishoneypot activity · remote access · remote access abuse · remote access attempt · remote access attempts · remote services · remote_access · replication attack · researched · residential proxy · resource development · resource hijacking · romania · ru · russia · s7comm · s7comm attacks · s7comm protocol · scada · scams & fraud · scan · scanner · scanner activity · scanner ips · scanners · scanning activity · scanning_activity · scripting attacks · security event · security monitoring · security operations · security policy · sensor-tagged · sentrypeer activity · sentrypeer attacks · sentrypeer botnet · sentrypeer detection · sentrypeer events · sentrypeer interactions · sentrypeer targeted · serbia · server exploitation · servers · service discovery · service enumeration · service probing · service scan · service scanning · service_enumeration · sftp access attempt · sftp access attempts · sftp activity · sftp attack · sftp attacks · sftp attempt · sftp attempts · sftp exploitation · sftp exploitation attempts · sftp probing · sftp protocol · sftp scanning · sftp-attack · sftp_attack · sftp_protocol · shell · shell access · shell access attempt · singapore · sip activity · sip attacks · sip brute force · sip heralding · sip probing · sip protocol · sip scan · sip scanning · sip vulnerability probing · sip_attack · sip_protocol · sipp · slaveof · smb attacks · smb brute force · smb_protocol · smtp · smtp attack · smtp attacker · smtp attacks · smtp brute force · smtp probing · smtp scanning · smtp traffic · smtp_attack · smtp_protocol · snare · social engineering · socradar honeypot · software development · software exploitation · south america · spain · spam · sql injection · sql injection attempt · sql injection attempts · ssh · ssh activity · ssh attack · ssh attacks · ssh brute-force · ssh bruteforce · ssh key injection · ssh monitoring · ssh protocol · ssh-brute-force · ssh-bruteforce · ssh_bruteforce · ssh_protocol · ssl-enrichment · ssl/tls enrichment · stealc · stix 2.1 · stix-2.1 · supply chain attack · supply-chain · suricata alert · suricata alerts · sweden · syn · syn scan · system discovery · system disruption · t-pot · t1005 · t1016 · t1016.001 · t1018 · t1020 · t1021 · t1021.001 · t1021.002 · t1021.003 · t1021.004 · t1021.005 · t1021.006 · t1027 · t1033 · t1036.006 · t1040 · t1041 · t1046 · t1047 · t1048 · t1053 · t1055 · t1056 · t1057 · t1059 · t1059.001 · t1059.003 · t1059.004 · t1059.005 · t1059.006 · t1059.007 · t1065 · t1068 · t1069.001 · t1070.004 · t1071 · t1071.001 · t1071.004 · t1072 · t1076 · t1077 · t1078 · t1078.001 · t1078.002 · t1078.003 · t1078.004 · t1082 · t1083 · t1087 · t1088 · t1090 · t1102 · t1105 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1133 · t1136.001 · t1140 · t1185 · t1187 · t1189 · t1190 · t1195 · t1195.002 · t1199 · t1202 · t1203 · t1204 · t1204.002 · t1210 · t1213 · t1486 · t1490 · t1496 · t1499.001 · t1499.002 · t1499.003 · t1505 · t1505.002 · t1505.004 · t1547.001 · t1550 · t1550.002 · t1550.003 · t1552.001 · t1555 · t1555.003 · t1559 · t1562 · t1563 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1566.004 · t1572 · t1573 · t1573.001 · t1573.002 · t1574.001 · t1583 · t1583.006 · t1585 · t1586 · t1588 · t1588.002 · t1588.004 · t1588.006 · t1589 · t1589.002 · t1590 · t1590.002 · t1590.003 · t1590.004 · t1590.005 · t1590.006 · t1592 · t1592.002 · t1595 · t1595.001 · t1595.002 · t1595.003 · tanner · tanner activity · tanner attack · tanner attacks · tanner detection · tanner events · tanner interactions · targeting database · tcp · tcp protocol · tcp scan · tcp scanning · tcp/ip · team cymru · telecommunications · telnet · telnet attacks · telnet scanning · telnet threat · telnet-brute-force · telnet_protocol · threat actor · threat actor activity · threat actor: unknown · threat detection · threat feed · threat intel · threat intelligence · threat intelligence feed · threat prevention · threat-intel · threat-intelligence · threat_intelligence · timeout · top10.txt · topips.txt · tor node · tpot · tpotce · traffic anomalies · ttps · turkey · udp port scan · udp scan · unattributed threat actor · unauthenticated access attempts · unauthorized access · unauthorized access attempt · unauthorized access attempts · unauthorized login · unauthorized login attempt · unauthorized-access-attempt · unidentified threat actor · united kingdom · united states · unix targets · unknown threat actor · unsolicited traffic · us abuse · us ip address · us none · us source · valid accounts · vnc protocol · voidtrap · voip · voip attack · voip attacks · vpn · vpn ip · vulnerability · vulnerability scan · vulnerability-scanning · vultr · vultr cloud infrastructure · vultr infrastructure · vultr infrastructure targeted · vultr-platform · vultr_platform_activity · weak password attack · web apis · web app attack · web application attack · web application attacks · web application probing · web application scan · web application scanning · web applications · web attack · web attack attempts · web attacks · web development · web exploit attempt · web exploitation · web exploits · web hosting · web infrastructure · web login attempt · web server · web server attacks · web server probing · web servers · web service scanning · web services · web shell · web shell attempt · web shell detection · web shell upload · web shell uploads · web spam · web technologies · web traffic · web-application-attack · web-server · web-servers · web_application · web_application_attack · web_attack · web_attacks · wget · win · windows · windows malware · windows system targeting · wordpot · xmas scan

Activity Timeline

1 total observation (Jun 19)

Threat Activity Heatmap

(Calendar heatmap widget, Jun through Jun, not reproducible in text.)

Observation counts by window:
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 56 (SIGNAL)
Confidence: 56%
Reports: 29
First seen: Jun 17, 2025
Last seen: Jun 19, 2026
Geolocation: RU
Country: Russian Federation
Location: St Petersburg, St.-Petersburg
ASN: AS34665
Org: PIN DC
Coords: 55.7386, 37.6068
Proxy: VPN

VirusTotal: Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

raw:

inetnum: 5.101.64.0 - 5.101.65.255
netname: PIN-DATACENTER-NET
descr: public vlans of DC
country: RU
org: ORG-PINl1-RIPE
admin-c: PIN44050-RIPE
mnt-domains: MNT-PINSUPPORT
mnt-domains: MNT-PIN
tech-c: PIN44050-RIPE
status: ASSIGNED PA
mnt-by: MNT-PIN
mnt-routes: MNT-PINSUPPORT
mnt-by: MNT-PINSUPPORT
created: 2022-11-14T07:34:42Z
last-modified: 2022-11-14T07:34:42Z
source: RIPE

organisation: ORG-PINl1-RIPE
org-name: Petersburg Internet Network ltd.
country: RU
org-type: LIR
address: Sofijskaya 48, building 4, appt. H-11
address: 192236
address: Saint-Petersburg
address: RUSSIAN FEDERATION
phone: +78126772525
fax-no: +78123093916
admin-c: MNV32-RIPE
tech-c: SEO-RIPE
abuse-c: PIN44050-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-PIN
mnt-ref: MNT-PINSUPPORT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-PIN
created: 2009-05-28T09:40:17Z
last-modified: 2021-06-11T23:12:37Z
source: RIPE # Filtered

role: PINDC Support and NOC Teams
org: ORG-PINl1-RIPE
address: 58 Malaya Balkanskaya
address: Saint-Petersburg
address: 192029
address: RUSSIAN FEDERATION
phone: +78126772525
abuse-mailbox: [email protected]
nic-hdl: PIN44050-RIPE
mnt-by: MNT-PIN
mnt-by: MNT-PINSUPPORT
created: 2013-06-08T06:08:16Z
last-modified: 2020-12-16T10:58:34Z
source: RIPE # Filtered

route: 5.101.64.0/24
descr: PIN DC
origin: AS34665
mnt-by: MNT-PIN
mnt-by: MNT-PINSUPPORT
created: 2019-11-07T13:35:30Z
last-modified: 2019-11-07T13:35:30Z
source: RIPE

references:
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/vultrwarsaw-redis-bruteforce-ip-list-2025-08-14/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrwarsaw-redis-bruteforce-ip-list-2025-08-12/
https://jamesbrine.com.au/vultrparis-redis-bruteforce-ip-list-2025-08-12/


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen today
Appeared in 29 threat reports