IOC Radar
IP · Medium Signal · 64/100

85.29.137.56

Location: Karaganda, Karaganda, Kazakhstan
ASN: AS21299 (Orbita-plus LLP)
First Seen: Apr 27, 2022 (1508d ago)
Last Seen: Jun 6, 2026 (8d ago)
Reports: 24 source reports
Confidence: 64% (medium)
VirusTotal: 9/91 detections
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 56 techniques

Network Information

Country: KZ (Kazakhstan)
Region: Karaganda, Karaganda
ASN: AS21299
Organization: Orbita-plus LLP

Feed Intelligence Summary

Source reports: 24
Confidence score: 64%

Activity Timeline

1 total observation (Jun 6)

Threat Activity Heatmap

[Heatmap of daily observations, Jun to Jun; peak: 2026-06-06]

Activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 64 (Medium Risk)
Signal Score: 64%
Reports: 24
First seen: Apr 27, 2022
Last seen: Jun 6, 2026
Geolocation: KZ
Country: Kazakhstan
Location: Karaganda, Karaganda
ASN: AS21299
Org: Orbita-plus LLP
Coords: 48.0000, 68.0000

VirusTotal

9/91 vendors flagged (10% detection rate, as of Jun 7, 2026)

WHOIS

Description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

Raw:
inetnum: 85.29.137.0 - 85.29.137.255
netname: ORBITA-PLUS-NET
descr: ORBITA-PLUS LLP
descr: ISP, ITSP (VoIP), TSP, Sattelite Phone Service Provider
descr: 87 Abai str.
descr: Karaganda
country: KZ
admin-c: AS31785-RIPE
admin-c: AG1476-RIPE
tech-c: AG1476-RIPE
tech-c: AS31785-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
mnt-by: ORBITA-PLUS-MNT
created: 2005-05-30T13:58:12Z
last-modified: 2005-05-30T13:58:12Z
source: RIPE # Filtered

person: Alexey Gromov
address: mkr. Koktem-2, bld. 22
address: KZ
phone: +77273500115
nic-hdl: AG1476-RIPE
mnt-by: ORBITA-PLUS-MNT
created: 2002-08-08T09:05:46Z
last-modified: 2015-06-26T12:06:28Z
source: RIPE # Filtered

person: Anton Slobodyanuk
address: Orbita Plus LLP
address: mkr. Koktem-2, bld. 22
address: KZ
phone: +7 727 3500115
mnt-by: ORBITA-PLUS-MNT
nic-hdl: AS31785-RIPE
created: 2002-02-13T07:12:19Z
last-modified: 2015-06-26T12:04:01Z
source: RIPE # Filtered

route: 85.29.136.0/23
descr: 2DAY Telecom LLP
descr: Karaganda, Kazakhstan
origin: AS21299
mnt-by: ORBITA-PLUS-MNT
created: 2006-03-10T08:14:04Z
last-modified: 2008-08-06T11:30:41Z
source: RIPE
References:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
https://jamesbrine.com.au/vultrwarsaw-mssql-bruteforce-ip-list-2024-04-11/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrparis-mssql-bruteforce-ip-list-2023-12-31/
https://jamesbrine.com.au/vultrparis-mssql-bruteforce-ip-list-2023-09-27/
https://raw.githubusercontent.com/duggytuxy/malicious_ip_addresses/main/botnets_zombies_scanner_spam_ips.txt
https://jamesbrine.com.au/vultrwarsaw-mssql-bruteforce-ip-list-2023-08-07/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 4 years ago · Last seen 8 days ago
Appeared in 24 threat reports