IOC Radar
IP · Medium · Signal 88/100

81.29.142.6

Location: Moscow, Moscow, Russian Federation
ASN: AS210259 (ApcoTeh)
First Seen: Dec 20, 2025 (172d ago)
Last Seen: Jun 5, 2026 (4d ago)
Reports: 22 source reports
Confidence: 88% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 88%
Signal Score: 88 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 71 techniques


IP Category: Proxy (proxy server); VPN (VPN exit node)

Feed Intelligence Summary: 22 source reports · 88% confidence score
Category tags

Activity Timeline

1 total observation (Jun 5 to Jun 5)

Threat Activity Heatmap

Peak: 2026-06-05
[Weekly activity heatmap, Mon/Wed/Fri rows by month columns from Jun through the following Jun; cell values are not recoverable from the extracted page]
Observations by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 88 (High Risk)
Geolocation: RU · Coordinates: 55.7386, 37.6068
IP Category: Proxy / VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

raw:
inetnum: 81.29.142.0 - 81.29.142.255
netname: ApcoTeh
country: RU
admin-c: DM14205-RIPE
abuse-c: ACRO62670-RIPE
tech-c: DM14205-RIPE
status: ASSIGNED PA
mnt-by: mnt-ru-imaqliq-1
mnt-by: CUBIO-RUS-MNT
mnt-by: MICTIAN
created: 2026-02-16T18:05:23Z
last-modified: 2026-02-16T18:05:23Z
source: RIPE

person: Dmitry S. Matveev
address: Russia, Saint-Petersburg, 192019, ul. Sedova 11B
phone: +7-812-4167416
org: ORG-DIL32-RIPE
nic-hdl: DM14205-RIPE
mnt-by: MICTIAN
created: 2016-03-28T11:00:30Z
last-modified: 2026-02-16T12:44:40Z
source: RIPE # Filtered

route: 81.29.142.0/24
origin: AS210259
mnt-by: mnt-ru-imaqliq-1
mnt-by: CUBIO-RUS-MNT
mnt-by: MICTIAN
created: 2025-12-12T20:14:58Z
last-modified: 2025-12-12T20:14:58Z
source: RIPE

references:
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-29/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-29/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-29/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-29/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-29/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-28/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-28/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-28/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-28/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au/vultrmelbournetest-redis-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-27/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-26/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-26/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-26/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-26/
https://jamesbrine.com.au/vultrmelbournetest-mysql-bruteforce-ip-list-2026-04-26/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-26/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-27/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-27/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-27/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-27/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-25/

IOC Journey

Confidence: medium
First detected 5 months ago · Last seen 4 days ago
Appeared in 22 threat reports