IOC Radar
IP · Medium · Signal 80/100

80.64.19.174

Location
Belarus
Bel', Moscow
ASN
AS48031
IT Hostline Ltd
First Seen
Jul 5, 2025 (345d ago)
Last Seen
Mar 1, 2026 (106d ago)
Reports
7 source reports
Confidence
80% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

46 techniques

Network Information

Country: BY (Belarus)
Region: Bel', Moscow
ASN: AS48031
Organization: IT Hostline Ltd

Feed Intelligence Summary

Source reports: 7
Confidence score: 80%
Category tags
abuse, access control, active scanning, belarus, blacklist activity, blacklist hit, blacklist matching, blacklisted ip, blacklisted ip detection, botnet, botnet activity, brute force, brute force attempts, command and control, command execution, credential access, credential stuffing, data encryption, data exfiltration, database attack, database security, decoy system, dhcp, dhcp abuse, dhcp exploitation, dhcp scan, dhcp scanning, distributed attacks, elasticsearch, elasticsearch brute force, elasticsearch exploitation, elasticsearch exposure, elasticsearch scan, europe, europe/asia, ftp, ftp brute force, imap, imap brute force, imap scan, imap scanning, indicator, information gathering, lateral movement, ldap, ldap brute force, ldap enumeration, ldap scan, malicious software, malware, memcache scan, memcached amplification, memcached exploitation, memcached scan, memcached scanning, mssql, mssql brute force, mssql exploitation, network, network monitoring, network protocol, network scanning, network security, network service scanning, ntp, ntp amplification, ntp scan, ntp scanning, oracle, oracle brute force, oracle database, oracle exploitation, possible botnet activity, postgres brute force, postgresql brute force, postgresql exploitation, potential botnet activity, process injection, protocol exploitation, qhoneypot detection, reconnaissance, redis brute force, redis exploitation, remote access, remote services, researched, russia, scan, scanner, security policy, server exploitation, service enumeration, smb brute force, smb enumeration, smb scanning, snmp exploitation, snmp scan, socks5, socks5 exploitation, socks5 proxy, socks5 proxy scanning, socks5 scan, socks5 scanning, sql injection, ssh attack, t1005, t1007, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1040, t1046, t1047, t1053, t1055, t1059, t1059.003, t1059.004, t1059.005, t1068, t1071.001, t1077, t1078, t1083, t1087, t1110, t1110.002, t1133, t1187, t1189, t1190, t1210, t1486, t1496, t1499.002, t1499.003, t1505.004, t1555, t1565, t1592, t1595, t1595.001, t1595.002, t1595.003, telnet threat, threat intelligence, threat prevention, vnc protocol, vnc scan, vnc scanning

Activity Timeline

1 total obs · Mar 1

Threat Activity Heatmap

Peak: 2026-03-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 7
First seen: Jul 5, 2025
Last seen: Mar 1, 2026
Geolocation: BY
Country: Belarus
Location: Bel', Moscow
ASN: AS48031
Org: IT Hostline Ltd
Coords: 55.7386, 37.6068

VirusTotal

Not checked

WHOIS

inetnum: 80.64.19.0 - 80.64.19.255
netname: RU-PRIME-20250103
country: RU
org: ORG-PL579-RIPE
tech-c: PL15005-RIPE
admin-c: PL15005-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2025-01-17T09:04:36Z
last-modified: 2025-03-11T08:54:52Z
source: RIPE

organisation: ORG-PL579-RIPE
org-name: Prime LLC
country: RU
org-type: LIR
address: Maliy Konushkovskiy per., d. 2, pomesh. 196
address: 123242
address: Moscow
address: RUSSIAN FEDERATION
phone: +7 (495) 132-63-05
admin-c: PL15005-RIPE
tech-c: PL15005-RIPE
abuse-c: AR77862-RIPE
mnt-ref: lir-ru-prime-1-MNT
mnt-ref: IP-RIPE
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-ru-prime-1-MNT
created: 2025-03-10T13:30:34Z
last-modified: 2025-03-11T08:47:44Z
source: RIPE # Filtered

role: Prime LLC
address: RUSSIAN FEDERATION
address: Moscow
address: 123242
address: Maliy Konushkovskiy per., d. 2, pomesh. 196
phone: +7 (495) 132-63-05
nic-hdl: PL15005-RIPE
mnt-by: lir-ru-prime-1-MNT
created: 2025-03-10T13:30:33Z
last-modified: 2025-03-10T13:30:34Z
source: RIPE # Filtered

route: 80.64.19.0/24
origin: AS213021
mnt-by: IP-RIPE
created: 2025-03-11T16:04:10Z
last-modified: 2025-03-11T16:04:10Z
source: RIPE

route: 80.64.19.0/24
origin: AS216341
mnt-by: IP-RIPE
created: 2025-06-01T08:56:19Z
last-modified: 2025-06-01T08:56:19Z
source: RIPE

IOC Journey

medium
First detected 11 months ago · Last seen 3 months ago
Appeared in 7 threat reports