IOC Radar
IPHighVerifiedSignal 69/100

5.3.86.110

Location
Russian FederationRussian Federation
Nizhniy Novgorod, Nizhny Novgorod Oblast
ASN
AS211202
GAU NO "CIT"
First Seen
Apr 6, 2026
Last Seen
May 11, 2026
Apr 6
First Seen
71d ago
May 11
Last Seen
35d ago
5
Reports
source reports
69%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

3 techniques

Network Information

CountryRURussian Federation
RegionNizhniy Novgorod, Nizhny Novgorod Oblast
ASNAS211202
OrganizationGAU NO "CIT"

Feed Intelligence Summary

5 reports69% confidence
5
Source reports
69%
Confidence score
Category tags
active scanactive scanningaegisamberblock ratebrute forcebrute force attackerbrute-forcecorazadigital oceandropseuropeeurope/asiaexfiltrationexploitation activityexploited hostfullgermanyhackingindicatormalwarenetworkpolandportscanreconnaissanceresearchedrurussiascannerscannersservice scansnmpt1595.001t1595.002t1595.003telnet

Activity Timeline

1 total obs
May 11May 11

Threat Activity Heatmap

· Peak: 2026-05-11
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
69
SIGNAL
Signal Score
69%
Confidence
5
Reports
First seenApr 6, 2026
Last seenMay 11, 2026
Verified IOC
GeolocationRU
CountryRussian Federation
LocationNizhniy Novgorod, Nizhny Novgorod Oblast
ASNAS211202
OrgGAU NO "CIT"
Coords55.7386, 37.6068

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 5.3.86.0 - 5.3.86.255 netname: GAU-NO-CIT-NET country: RU admin-c: AZ8343-RIPE org: ORG-GA993-RIPE tech-c: AZ8343-RIPE status: ASSIGNED PA mnt-by: RAID-MNT created: 2021-12-24T07:05:53Z last-modified: 2021-12-24T07:05:53Z source: RIPE organisation: ORG-GA993-RIPE org-name: GAU NO "CIT" country: RU org-type: OTHER address: 33 Oktiabrskay str. address: 603000, N. Novgorod address: Russia abuse-c: ACRO41121-RIPE mnt-ref: RAID-MNT mnt-by: RAID-MNT mnt-ref: WESTCALLSPB-MNT-RIPE mnt-by: WESTCALLSPB-MNT-RIPE created: 2021-05-14T08:46:54Z last-modified: 2022-12-01T17:12:58Z source: RIPE # Filtered person: Andrey Zakharov address: 33 Oktiabrskay str. address: 603000, N. Novgorod address: Russia phone: +7 910 790 1803 nic-hdl: AZ8343-RIPE mnt-by: WESTCALLSPB-MNT-RIPE created: 2021-05-13T13:36:29Z last-modified: 2021-05-13T13:53:38Z source: RIPE # Filtered route: 5.3.86.0/24 descr: GAU NO "CIT"-NET-Nizhny Novgorod, Russia origin: AS211202 org: ORG-GA993-RIPE mnt-by: MNT-ERTHOLDING mnt-by: RAID-MNT created: 2021-12-24T07:06:55Z last-modified: 2021-12-24T07:06:55Z source: RIPE organisation: ORG-GA993-RIPE org-name: GAU NO "CIT" country: RU org-type: OTHER address: 33 Oktiabrskay str. address: 603000, N. Novgorod address: Russia abuse-c: ACRO41121-RIPE mnt-ref: RAID-MNT mnt-by: RAID-MNT mnt-ref: WESTCALLSPB-MNT-RIPE mnt-by: WESTCALLSPB-MNT-RIPE created: 2021-05-14T08:46:54Z last-modified: 2022-12-01T17:12:58Z source: RIPE # Filtered
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 2 months ago · Last seen 1 month ago
Appeared in 5 threat reports