IOC Radar
IP · Medium · Signal 100/100

176.118.208.89

Location: Russian Federation, Ryazan, RYA
ASN: AS60042, OnTelecom LLC
First Seen: Mar 28, 2025
Last Seen: Feb 12, 2026
Reports: 14 source reports
Confidence: 99% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

34 techniques

Network Information

Country: RU (Russian Federation)
Region: Ryazan, RYA
ASN: AS60042
Organization: OnTelecom LLC

Feed Intelligence Summary

14 source reports · 99% confidence score
Category tags
abuse, access control, active scanning, attack, blacklist candidate, blacklisted ips, botnet, botnet activity, brute force, brute force attack, c2 communication, cisco device, command and control, communication protocol, conpot honeypot, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, ddos, ddos attacks, decoy system, device management, dionaea honeypot, distributed attacks, enterprise networking, europe/asia, ftp brute force, hacking, honeytrap honeypot, http botnet, ics security, indicator, industrial control systems, internet of things, intrusion detection, iot botnet, iot/ics attack, irc botnet, lamp, lateral movement, mailoney honeypot, malicious activity, malicious ips, malicious software, malware, malware behaviour, malware capture, malware distribution, mirai botnet, network, network attacks, network infrastructure, network probe, network probing, network protocol, network scan, network scanning, network security, password attacks, phishing, phishing attack, phishing trap, process injection, reconnaissance, researched, russia, russian federation, scan, scanner, security policy, sftp attack, social engineering, ssh attack, ssh monitoring, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059.004, t1068, t1071, t1071.001, t1077, t1078, t1105, t1110.001, t1110.002, t1110.003, t1110.004, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.003, t1562, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595.001, t1595.002, t1595.003, tcp protocol, telecommunications, threat actor, threat detection, threat intelligence, threat prevention

Activity Timeline

1 total obs · Feb 12

Threat Activity Heatmap

Peak: 2026-02-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 14
First seen: Mar 28, 2025
Last seen: Feb 12, 2026
Geolocation: RU
Country: Russian Federation
Location: Ryazan, RYA
ASN: AS60042
Org: OnTelecom LLC
Coords: 54.6161, 39.7376

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 445 SMB. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 176.118.208.0 - 176.118.211.255
netname: OnTelecom
descr: OnTelecom LLC Ryazan
country: RU
org: ORG-ONTE1-RIPE
admin-c: ALNT-RIPE
tech-c: ALNT-RIPE
status: ASSIGNED PA
mnt-by: MNT-EMERALD
mnt-routes: ONTELECOM-MNT
mnt-domains: ONTELECOM-MNT
created: 2018-03-26T07:22:05Z
last-modified: 2018-03-26T07:22:05Z
source: RIPE
geoloc: 54.628102 39.728634

organisation: ORG-ONTE1-RIPE
org-name: OnTelecom LLC
country: RU
org-type: Other
address: 390023, Russian Federation, Ryazan, Yablochkova 5 building 35A
abuse-c: AR24984-RIPE
mnt-ref: ONTELECOM-MNT
mnt-by: ONTELECOM-MNT
created: 2014-05-30T06:44:13Z
last-modified: 2022-12-01T17:22:03Z
source: RIPE # Filtered

person: NOC Emerald
address: Jeseniova 1151/55, Prague, Czech Republic
mnt-by: MNT-EMERALD
phone: +420226020395
nic-hdl: ALNT-RIPE
created: 2009-11-25T11:01:13Z
last-modified: 2023-02-16T12:52:15Z
source: RIPE # Filtered

route: 176.118.208.0/22
descr: OnTelecom LLC Route 185.42.230.0/23
origin: AS60042
org: ORG-ONTE1-RIPE
mnt-routes: ONTELECOM-MNT
mnt-by: ONTELECOM-MNT
created: 2018-03-26T07:31:40Z
last-modified: 2018-03-26T07:31:40Z
source: RIPE # Filtered

organisation: ORG-ONTE1-RIPE
org-name: OnTelecom LLC
country: RU
org-type: Other
address: 390023, Russian Federation, Ryazan, Yablochkova 5 building 35A
abuse-c: AR24984-RIPE
mnt-ref: ONTELECOM-MNT
mnt-by: ONTELECOM-MNT
created: 2014-05-30T06:44:13Z
last-modified: 2022-12-01T17:22:03Z
source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 14 threat reports