IOC Radar
IPMediumSignal 48/100

77.37.226.228

Location
Russian FederationRussian Federation
Moscow, MOW
ASN
AS42610
NCNET
First Seen
Dec 13, 2024
Last Seen
Jun 12, 2026
Dec 13
First Seen
561d ago
Jun 12
Last Seen
15d ago
23
Reports
source reports
48%
Confidence
medium
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

31 techniques

Network Information

CountryRURussian Federation
RegionMoscow, MOW
ASNAS42610
OrganizationNCNET

Feed Intelligence Summary

23 reports48% confidence
23
Source reports
48%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningatif feedattackauthentication attackauthentication failuresauto-generated securitybad reputationbanlist feedbinary defensebotnetbotnet activitybrute forcebrute force attackcommand and controlcowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationdata store exposureddosdecoy systemdenial of servicedistributed attackseuropeeurope/asiaexploitation activityfail2ban triggeredftp brute forcehackingidentity & access exploitationimapimap attackindicatorinformation technologyinfrastructure acquisitionreconnaissanceinjection activityit infrastructurelogin attemptmalicious activitymalicious softwaremalwaremanualnetworknetwork reconnaissancenetwork scanningpassword attacksphishingphishing attackpotential intrusion attemptprocess injectionreconnaissanceresearchedrurussiarussian federationscannersecurity policyservice scansftp attacksmtpsmtp attackersocial engineeringsoftware developmentssh attackssh monitoringt1021t1021.001t1021.002t1041t1046t1055t1059t1059.004t1071.001t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1587.001t1590.001t1595t1595.001t1595.002t1595.003telecommunicationsthreat actorthreat preventiontor nodeudp port scanunauthorized accessunited kingdomweb application attackweb exploitation

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

· Peak: 2026-06-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
23
Reports
First seenDec 13, 2024
Last seenJun 12, 2026
GeolocationRU
CountryRussian Federation
LocationMoscow, MOW
ASNAS42610
OrgNCNET
Coords55.7483, 37.6171

VirusTotal

Not checked

WHOIS

description
Banned by Fail2Ban [sshd]
raw
inetnum: 77.37.168.0 - 77.37.247.255 netname: NCN-BBCUST descr: NKS broadband customers country: RU admin-c: NCN7-RIPE tech-c: NCN7-RIPE status: ASSIGNED PA mnt-by: NCNET-MNT mnt-lower: NCNET-MNT created: 2008-12-10T15:27:23Z last-modified: 2010-01-20T13:01:19Z source: RIPE role: NCNET NCC Operations address: National Cable Networks address: Nagatinskaya str., 1, bldn. 26 address: 117105 Moscow, Russia org: ORG-NCN1-RIPE admin-c: RVP-RIPE tech-c: RVP-RIPE phone: +7 495 6859542 fax-no: +7 495 6859530 mnt-by: NCNET-MNT nic-hdl: NCN7-RIPE created: 2007-03-26T07:46:58Z last-modified: 2015-10-12T11:53:05Z source: RIPE # Filtered abuse-mailbox: [email protected] route: 77.37.192.0/18 descr: NCNET origin: AS42610 mnt-by: NCNET-MNT mnt-lower: NCNET-MNT created: 2009-12-30T09:46:07Z last-modified: 2009-12-30T09:46:07Z source: RIPE
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 15 days ago
Appeared in 23 threat reports