IOC Radar
IPMediumSignal 72/100

80.91.28.69

Location
Russian FederationRussian Federation
Tyumen, TYU
ASN
AS15493
JSC Russian Company.
First Seen
Mar 12, 2025
Last Seen
Feb 3, 2026
Mar 12
First Seen
467d ago
Feb 3
Last Seen
139d ago
10
Reports
source reports
72%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

19 techniques

Network Information

CountryRURussian Federation
RegionTyumen, TYU
ASNAS15493
OrganizationJSC Russian Company.

Feed Intelligence Summary

10 reports72% confidence
10
Source reports
72%
Confidence score
Category tags
active scanningaustraliaauthenticationbotnetbrute forcebrute force attackbrute force attemptcommand and controlcredential accesscredential stuffingdata exfiltrationdistributed attackseurope/asiaindicatormalicious activitymalicious softwaremalwarenetworknetwork boundaryoceaniapassword attackpassword attacksprocess injectionreconnaissancered piranharemote accessresearchedrurussiarussian federationscannerssh attackt1021.004t1055t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1486t1496t1499.002t1499.003t1565t1588t1588.004t1595.001t1595.002t1595.003threat actor

Activity Timeline

1 total obs
Feb 3Feb 3

Threat Activity Heatmap

· Peak: 2026-02-03
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
72
SIGNAL
Signal Score
72%
Confidence
10
Reports
First seenMar 12, 2025
Last seenFeb 3, 2026
GeolocationRU
CountryRussian Federation
LocationTyumen, TYU
ASNAS15493
OrgJSC Russian Company.
Coords57.1533, 65.5418

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 80.91.28.0 - 80.91.31.255 netname: RUSCOMP-NET descr: JSC Russian Company. Internet service provider in Tyumen descr: Client with dynamic allocation (PPPoE) country: RU admin-c: AMAX1-RIPE tech-c: DZ12-RIPE status: ASSIGNED PA mnt-by: RUSCOMP-MNT created: 2017-10-05T02:20:13Z last-modified: 2018-12-07T06:28:20Z source: RIPE person: Andrew Maximov nic-hdl: AMAX1-RIPE address: Join Stock Company "Russian Company" address: Tyumen, Russia, 625000 address: Respublic str, 53 phone: +7-3452-390001 phone: +7-3452-390011 mnt-by: RUSCOMP-MNT created: 2003-01-25T20:17:30Z last-modified: 2003-01-25T20:17:30Z source: RIPE # Filtered person: Dmitriy Zamuraev address: Russia, Tyumen, Respubliki street, 53 phone: +7 3452 390007 nic-hdl: DZ12-RIPE created: 2008-04-03T04:40:58Z last-modified: 2017-10-30T22:00:03Z source: RIPE # Filtered mnt-by: MNT-NETLINE-NSP mnt-by: RUSCOMP-MNT route: 80.91.28.0/24 descr: Russian company LLC descr: Internet and Telephony service provider in Russia, Tyumen origin: AS15493 mnt-by: RUSCOMP-MNT created: 2019-10-02T09:10:05Z last-modified: 2019-10-02T09:10:05Z source: RIPE
references
https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 10 threat reports