IOC Radar
IP · Medium · Signal 28/100

91.231.253.77

Location: Russian Federation, Moscow, Moscow
ASN: AS44027, Saturn-Online Ltd
First Seen: Jul 7, 2025 (349d ago)
Last Seen: Apr 16, 2026 (65d ago)
Reports: 7 source reports
Confidence: 28% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 28%
Signal Score: 28 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

18 techniques

Network Information

Country: RU, Russian Federation
Region: Moscow, Moscow
ASN: AS44027
Organization: Saturn-Online Ltd

Feed Intelligence Summary

Source reports: 7
Confidence score: 28%
Category tags: abuse, active scan, active scanning, australia, bad reputation, botnet, botnet activity, brute force, command and control, communication protocol, credential access, credential stuffing, data exfiltration, data store exposure, distributed attacks, europe/asia, exploitation activity, identity & access exploitation, indicator, injection activity, ipv4, malicious software, malware, network, network probing, network reconnaissance, network scanning, network security, oceania, process injection, reconnaissance, researched, russia, scan, scanner, sip scanning, ssh attack, ssh scanning, sshd, t1018, t1040, t1046, t1055, t1059, t1071.001, t1110.002, t1133, t1190, t1486, t1496, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, tajikistan, telecommunications, voip

Activity Timeline

1 total obs (Apr 16 to Apr 16)

Threat Activity Heatmap

Peak: 2026-04-16
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 28
Confidence: 28%
Reports: 7
First seen: Jul 7, 2025
Last seen: Apr 16, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moscow
ASN: AS44027
Org: Saturn-Online Ltd
Coords: 55.7386, 37.6068

VirusTotal

Not checked

WHOIS

description
IPV4 hosts detected performing scans on production environment located in Australia.
raw
inetnum: 91.231.252.0 - 91.231.255.255
netname: ORG-SPIT1-RIPE
country: TJ
org: ORG-SPIT1-RIPE
sponsoring-org: ORG-Vs35-RIPE
admin-c: FRNG1-RIPE
tech-c: FRNG1-RIPE
status: ASSIGNED PI
mnt-by: vissado-mnt
mnt-by: RIPE-NCC-END-MNT
mnt-by: SPITAMEN-ALEXANDER-INTERNET-MNT
created: 2021-08-05T16:13:59Z
last-modified: 2021-08-11T03:40:24Z
source: RIPE

organisation: ORG-SPIT1-RIPE
org-name: Spitamen Alexander Internet LLC.
country: TJ
org-type: OTHER
address: Sino district, st. Shamsi 5/3, Dushanbe, Tajikistan
abuse-c: ACRO42255-RIPE
mnt-ref: vissado-mnt
mnt-by: vissado-mnt
mnt-by: SPITAMEN-ALEXANDER-INTERNET-MNT
created: 2021-07-12T13:14:13Z
last-modified: 2022-12-01T16:53:03Z
source: RIPE # Filtered

person: Yamakova Farangiz
address: Sino district, st. Shamsi 5/3, Dushanbe, Tajikistan
phone: +992770000550
nic-hdl: FRNG1-RIPE
mnt-by: vissado-mnt
created: 2021-07-12T13:13:15Z
last-modified: 2021-07-12T13:13:15Z
source: RIPE

route: 91.231.253.0/24
descr: SaturnOnline-route253
origin: AS44027
mnt-by: MNT-SATURN-ONLINE
created: 2011-10-11T07:09:57Z
last-modified: 2011-10-11T07:09:57Z
source: RIPE
references
https://redpiranha.net

IOC Journey

medium
First detected 11 months ago · Last seen 2 months ago
Appeared in 7 threat reports