IOC Radar
IP · Medium · Signal 100/100

5.8.11.202

Location: Russia, St Petersburg, St.-Petersburg
ASN: AS34665 (PIN DC)
First Seen: Mar 23, 2024 (828d ago)
Last Seen: Aug 5, 2025 (327d ago)
Reports: 25 source reports
Confidence: 99% (medium)
Found in 25 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 101 techniques

Network Information

Country: RU (Russia)
Region: St Petersburg, St.-Petersburg
ASN: AS34665
Organization: PIN DC

Feed Intelligence Summary

25 source reports · 99% confidence score
Category tags
abuse, access attempt, access attempts, ack, ack scan, active scanning, apache, apache attacker, application layer ddos, application layer protocol, atif feed, attack, attack source, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempts, authentication brute force, authentication failure, authentication failures, automated attack, automated attacks, banlist feed, banner grabbing attempt, binary defense, blocked ip addresses, botnet, botnet activity, brute force, brute force attack, brute force attacks, cisco device, cisco exploit, cisco exploitation attempt, code execution, command and control, command execution, communication protocol, connect scan, conpot honeypot, cowrie activity, cowrie attacks, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, database probing, database security, ddos, ddos attack, ddos attack activity, ddos attempt, ddos preparation, ddos probe, decoy system, denial of service, denial-of-service, device management, dictionary attack, dionaea activity, dionaea honeypot, distributed attack, distributed attacks, elasticpot honeypot, elasticsearch monitoring, enterprise networking, enumeration, enumeration activity, enumeration attempt, exim exploit attempt, exploit, exploit attempt, exploit kits, exploit probing, exploit scan, exploitation, exploitation attempt, exploitation attempts, external scan, extortion, fail2ban blocked ip, fail2ban blocked ips, fail2ban logs, fail2ban triggered, failed authentication, failed login, failed login attempts, fin, fin port scan, fin scan, finance and insurance, firewall detection, firewall evasion, firewall events, ftp, ftp brute force, ftp bruteforce, heralding activity, high volume traffic, honeytrap honeypot, http brute force, http bruteforce, http flood, http probe, http scanner, http scanning, https probe, https scanning, hydra, icmp, icmp flood, ics security, imap brute force, indicator, industrial control systems, information gathering, infrastructure acquisition reconnaissance, infrastructure discovery, initial access, intrusion detection, invalid login, iot/ics attack, lamp, lamp stack attack, lateral movement, log analysis, login attack, login attacks, login attempt, login attempts, mailoney honeypot, malicious activity, malicious software, malware, malware activity, malware behaviour, malware capture, malware detection, malware distribution, malware hosting, manual, mass scanning, mass scanning activity, masscan, massive port scan, medusa, mysql brute force, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network layer ddos, network mapping, network monitoring, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, nmap, ntp amplification, null port scan, null scan, open port detection, open port discovery, open port identification, open ports, os detection, password attack, password attacks, phishing, phishing attack, phishing trap, pop3 brute force, possible bot activity, possible botnet activity, possible malicious activity, possible malware distribution, possible malware probing, possible reconnaissance, possible reconnaissance activity, possible vulnerability scan, potential botnet activity, potential compromise, potential credential compromise, potential intrusion attempt, potential malware distribution, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability scan, potential vulnerability scanning, privilege escalation, probing activity, process injection, protocol exploitation, public sector, ransomware, ransomware activity, reconnaissance, reconnaissance activity, redis honeypot, reflection attack, reflection ddos, remote access, remote access attempts, remote services, researched, resource hijacking, ru, russian federation, scan, scanner, scanning activity, scripting attacks, security event, sentrypeer attacks, sentrypeer botnet, server scanning, service discovery, service disruption, service enumeration, service version detection, sftp attack, sftp probing, shellshock attempt, sip brute force, sip scanning, sip vulnerability scanning, smb scanning, smtp, smtp attacker, smtp brute force, smtp probing, social engineering, socradar honeypot, software exploitation, spam campaigns, sql injection attempt, ssh attack, ssh bruteforce, ssh monitoring, stealth, stealth scan, suspected malicious activity, syn, syn flood, syn port scan, syn scan, system disruption, t1003, t1005, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1021.004, t1021.005, t1021.006, t1021.007, t1021.008, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1057, t1059, t1059.001, t1059.004, t1059.005, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1082, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1136, t1137, t1187, t1189, t1190, t1195, t1199, t1203, t1204, t1204.002, t1210, t1213, t1486, t1490, t1496, t1497, t1498, t1498.001, t1498.002, t1499.001, t1499.002, t1499.003, t1539, t1555, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1580, t1583, t1587.001, t1588, t1588.001, t1588.002, t1588.003, t1589, t1589.001, t1589.002, t1590, t1590.001, t1591, t1592, t1593, t1594, t1595, t1595.001, t1595.002, t1595.003, t1598, tanner, tanner activity, tanner attacks, targeted scan, tcp protocol, tcp scanning, tcp/80, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tpot, udp port scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempts, united kingdom, united states, unknown threat actor, user enumeration, valid accounts, version detection, vnc protocol, voip, voip attack, volumetric ddos, vulnerability scan, web application attack, web application attacks, web application scanning, web attack, web exploitation, web injection, web login, web scanner, web server attack, web shell upload, web traffic, xmas, xmas port scan, xmas scan

Activity Timeline

1 total observation (Aug 5)

Threat Activity Heatmap

[Heatmap: observations per day, rows Mon/Wed/Fri, columns Jun through the following Jun · Peak: 2025-08-05]
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk (100, SIGNAL)
Signal Score: 100
Confidence: 99%
Reports: 25
First seen: Mar 23, 2024
Last seen: Aug 5, 2025
Geolocation: RU
Country: Russia
Location: St Petersburg, St.-Petersburg
ASN: AS34665
Org: PIN DC
Coords: 59.8761, 30.4339

VirusTotal: Not checked

WHOIS

description
2024-11-17T17:12:11.058Z Honeypot : Tanner : Source: 5.8.11.202 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'type': 1, 'name': 'index', 'order': 1}, 'sess_uuid': '2832fcb3-80b2-42ad-b735-4d2d47cc7aa2'}}}
raw

inetnum: 5.8.8.0 - 5.8.11.255
netname: PINDC-public-vlans
country: RU
org: ORG-PINl1-RIPE
admin-c: PIN44050-RIPE
tech-c: PIN44050-RIPE
status: ASSIGNED PA
mnt-by: MNT-PIN
mnt-by: MNT-PINSUPPORT
created: 2015-11-28T12:44:46Z
last-modified: 2020-12-16T10:43:39Z
source: RIPE

organisation: ORG-PINl1-RIPE
org-name: Petersburg Internet Network ltd.
country: RU
org-type: LIR
address: Sofijskaya 48, building 4, appt. H-11
address: 192236
address: Saint-Petersburg
address: RUSSIAN FEDERATION
phone: +78126772525
fax-no: +78123093916
admin-c: MNV32-RIPE
tech-c: SEO-RIPE
abuse-c: PIN44050-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-PIN
mnt-ref: MNT-PINSUPPORT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-PIN
created: 2009-05-28T09:40:17Z
last-modified: 2021-06-11T23:12:37Z
source: RIPE # Filtered

role: PINDC Support and NOC Teams
org: ORG-PINl1-RIPE
address: 58 Malaya Balkanskaya
address: Saint-Petersburg
address: 192029
address: RUSSIAN FEDERATION
phone: +78126772525
abuse-mailbox: [email protected]
nic-hdl: PIN44050-RIPE
mnt-by: MNT-PIN
mnt-by: MNT-PINSUPPORT
created: 2013-06-08T06:08:16Z
last-modified: 2020-12-16T10:58:34Z
source: RIPE # Filtered

route: 5.8.11.0/24
descr: PIN DC
origin: AS34665
mnt-by: MNT-PINSUPPORT
mnt-by: MNT-PIN
created: 2019-11-07T13:35:28Z
last-modified: 2019-11-07T13:35:28Z
source: RIPE

references

https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://github.com/telekom-security/tpotce
https://blacklist.3coresec.net/lists/et-open.txt

IOC Journey

Confidence: medium · First detected 2 years ago · Last seen 10 months ago · Appeared in 25 threat reports