IP · Medium · Signal 80/100
115.248.8.65
Location: Jaipur, TN
ASN: AS18101 (Reliance Communications Limited)
First Seen: Jun 17, 2025
Last Seen: Jun 12, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 80%
Signal Score: 80 / 100
IDS Rule: No
Network Information
Country: India
Region: Jaipur, TN
ASN: AS18101
Organization: Reliance Communications Limited
IP Category: Proxy (Proxy server)
Feed Intelligence Summary
Source reports: 33
Confidence score: 80%
Category tags
Activity Timeline (axis: Jun 12 to Jun 12)
Threat Activity Heatmap
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 33
First seen: Jun 17, 2025
Last seen: Jun 12, 2026
Geolocation: IN
Country: India
Location: Jaipur, TN
ASN: AS18101
Org: Reliance Communications Limited
Coords: 12.8996, 80.2209
Proxy
VirusTotal: Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw:
  inetnum: 115.248.0.0 - 115.255.255.255
  netname: RCOM
  descr: Reliance Communications Ltd
  descr: Dhirubai Ambani Knowledge City
  descr: Thane Belapur Road, KoparKhairane
  descr: Navi Mumbai - 400710
  descr: India
  country: IN
  org: ORG-RCL5-AP
  admin-c: AH406-AP
  tech-c: AH406-AP
  abuse-c: AR1060-AP
  status: ALLOCATED PORTABLE
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-IN-SN
  mnt-routes: MAINT-IN-SN
  mnt-irt: IRT-RELIANCE-COMMUNICATIONS-IN
  last-modified: 2021-01-13T00:13:49Z
  source: APNIC

  irt: IRT-RELIANCE-COMMUNICATIONS-IN
  address: Reliance Communication Ltd
  address: NNOC, 1st floor
  address: International Area , A Block
  address: Dhirubai Ambani Knowledge City,
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: AH406-AP
  tech-c: AH406-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-06-16
  mnt-by: MAINT-IN-SN
  last-modified: 2025-09-04T05:15:23Z
  source: APNIC

  organisation: ORG-RCL5-AP
  org-name: Reliance Communications Limited
  org-type: LIR
  country: IN
  address: NNOC , First Floor,
  address: DAKC, Thane Belapur Road
  phone: +91-22-30372618
  fax-no: +91-22-30383899
  e-mail: [email protected]
  mnt-ref: APNIC-HM
  mnt-by: APNIC-HM
  last-modified: 2023-09-05T02:14:48Z
  source: APNIC

  role: Antiabuse Helpdesk
  address: Reliance Communication Ltd
  address: Antiabuse Helpdesk, 2nd Floor,
  address: International Area , A Block
  address: Dhirubai Ambani Knowledge City,
  address: Thane Belapur Road, KoparKhairane,
  address: Navi Mumbai - 400710
  country: IN
  phone: +91-22-30334141-5
  fax-no: +91-22-30334949
  e-mail: [email protected]
  remarks: Send spam & abuse Reports
  remarks: include detailed information & time
  remarks: to [email protected]
  admin-c: IH158-AP
  tech-c: AH405-AP
  nic-hdl: AH406-AP
  notify: [email protected]
  mnt-by: MAINT-IN-SN
  last-modified: 2011-12-06T00:10:18Z
  source: APNIC

  role: ABUSE RELIANCECOMMUNICATIONSIN
  country: ZZ
  address: Reliance Communication Ltd
  address: NNOC, 1st floor
  address: International Area , A Block
  address: Dhirubai Ambani Knowledge City,
  phone: +000000000
  e-mail: [email protected]
  admin-c: AH406-AP
  tech-c: AH406-AP
  nic-hdl: AR1060-AP
  remarks: Generated from irt object IRT-RELIANCE-COMMUNICATIONS-IN
  remarks: [email protected] was validated on 2025-06-16
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-06-16T05:53:33Z
  source: APNIC

  route: 115.248.8.0/22
  origin: AS18101
  descr: Reliance Communications Limited NNOC , First Floor, DAKC, Thane Belapur Road
  mnt-by: MAINT-IN-SN
  last-modified: 2023-07-20T10:41:21Z
  source: APNIC
- references:
  - https://github.com/telekom-security/tpotce
  - https://redpiranha.net
  - https://feeds.dshield.org/feeds/topips.txt
  - https://feeds.dshield.org/feeds/top10.txt
  - https://feeds.dshield.org/feeds/block.txt
  - https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7358525198976868352-vdpo?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://www.virustotal.com/gui/collection/a4c38dc13a91da98a9f3a7f1c46c9aaeaa4d713d113c68c71fdf89837667717d
IOC Journey
Confidence: medium · First detected 11 months ago · Last seen today
Appeared in 33 threat reports