IOC Radar
IP · Medium · Signal 36/100

90.188.227.59

Location: Russian Federation, Irkutsk, IRK
ASN: AS12389 (OJSC Sibirtelecom)
First Seen: Jan 19, 2025 (517d ago)
Last Seen: Apr 7, 2026 (74d ago)
Reports: 10 source reports
Confidence: 36% (medium)
VirusTotal: 1/91 detections
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 36%
Signal Score: 36 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

58 techniques

Network Information

Country: RU (Russian Federation)
Region: Irkutsk, IRK
ASN: AS12389
Organization: OJSC Sibirtelecom

Feed Intelligence Summary

Source reports: 10
Confidence score: 36%
Category tags

Activity Timeline

1 total obs · Apr 7

Threat Activity Heatmap

Peak: 2026-04-07
Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

The IPv4 address `90.188.227.59` is a significant Indicator of Compromise (IOC) with a score of 35.54, indicating a moderate to elevated risk to organizational security. This IP address has been consistently identified across multiple reputable threat intelligence feeds, pointing to its involvement in potentially malicious activities. Analysis of related data reveals a pattern of behavior consistent with reconnaissance and brute-force attempts, as evidenced by its frequent appearance in Telnet h…

Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 10
First seen: Jan 19, 2025
Last seen: Apr 7, 2026
Geolocation: RU
Country: Russian Federation
Location: Irkutsk, IRK
ASN: AS12389
Org: OJSC Sibirtelecom
Coords: 52.8692, 103.5601

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 3, 2026

WHOIS

description: Telnet bruteforce client IP
raw:

inetnum: 90.188.224.0 - 90.188.231.255
netname: WEBSTREAM
descr: OJSC "Sibirtelecom"
remarks: Irkutsk branch
remarks: broadband service
country: RU
remarks:
remarks: NCC # 2007102448
remarks: INFRA-AW
remarks:
admin-c: ICT2-RIPE
tech-c: ICT2-RIPE
mnt-by: ROSTELECOM-MNT
status: SUB-ALLOCATED PA
remarks:
remarks: Direct reference for the general info on spam
remarks: In unsoluble cases for the general info on spam,
remarks: abusing & hacking complaints email [email protected]
remarks:
created: 2025-08-26T11:45:47Z
last-modified: 2025-08-26T11:45:47Z
source: RIPE # Filtered

role: Irkutsk Central Telegraph
address: Irkutsk branch of JSC "Sibirtelecom",
address: Irkutsk Central Telegraph
address: 12, Proletarskaya ul.
address: Irkutsk, 664011
address: Russia
phone: +7 395 2 242072
phone: +7 395 2 242036
fax-no: +7 395 2 240098
admin-c: DN216-RIPE
tech-c: VEK2-RIPE
nic-hdl: ICT2-RIPE
mnt-by: IRTEL-MNT
created: 2003-04-29T06:01:05Z
last-modified: 2021-10-06T09:47:00Z
source: RIPE # Filtered

route: 90.188.224.0/19
descr: Rostelecom networks
origin: AS12389
mnt-by: ROSTELECOM-MNT
created: 2018-10-31T11:47:21Z
last-modified: 2018-10-31T11:47:21Z
source: RIPE # Filtered

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 10 threat reports