IOC Radar
IP · Medium · Signal 57/100

2.63.211.145

Location
Russian Federation
Yekaterinburg, Moscow
ASN
AS12389
Rostelecom
First Seen
Jul 9, 2024
Last Seen
Jun 3, 2026
Jul 9: First Seen (704d ago)
Jun 3: Last Seen (10d ago)
23
Reports
source reports
57%
Confidence
medium
8/91
VirusTotal
detections
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

81 techniques

Network Information

Country: RU (Russian Federation)
Region: Yekaterinburg, Moscow
ASN: AS12389
Organization: Rostelecom

IP Category

Proxy
Proxy server

Feed Intelligence Summary

23 reports · 57% confidence
23
Source reports
57%
Confidence score
Category tags

Activity Timeline

1 total obs
Jun 3 to Jun 3

Threat Activity Heatmap

Peak: 2026-06-03 (weekly calendar grid, Jun through Jun of the following year, omitted)

Activity by window:
24h: 0 observations (Dormant)
7d: 0 observations (Dormant)
30d: 1 observation (Minimal)
3mo: 1 observation (Minimal)
Threat Score: Medium Risk
Signal: 57
Signal Score: 57%
Confidence: 23 reports
First seen: Jul 9, 2024
Last seen: Jun 3, 2026
Geolocation: RU
Country: Russian Federation
Location: Yekaterinburg, Moscow
ASN: AS12389
Org: Rostelecom
Coords: 55.7558, 37.6173
Category: Proxy

VirusTotal

8 / 91 vendors flagged
9% detection rate (as of Jun 5, 2026)

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
inetnum: 2.63.211.0 - 2.63.211.255
netname: Rostelecom_net
geoloc: 55.755864 37.617698
country: RU
admin-c: PRTT1-RIPE
tech-c: RTNC-RIPE
status: SUB-ALLOCATED PA
mnt-by: ROSTELECOM-MNT
created: 2024-05-23T11:00:56Z
last-modified: 2024-05-23T11:01:30Z
source: RIPE

role: PJSC Rostelecom Technical Team
address: PJSC Rostelecom Russian Federation
nic-hdl: PRTT1-RIPE
mnt-by: ROSTELECOM-MNT
created: 2024-05-20T01:54:00Z
last-modified: 2024-05-20T01:54:00Z
source: RIPE # Filtered

role: PJSC Rostelecom Technical Team
address: PJSC Rostelecom
address: Russian Federation
abuse-mailbox: [email protected]
admin-c: IE1277-RIPE
tech-c: IE1277-RIPE
remarks: trouble: ---------------------------------------------------------------
remarks: trouble: Rostelecom NOC is available 24 x 7
remarks: trouble: e-mail [email protected]
remarks: trouble: ---------------------------------------------------------------
remarks: ------------------------------------------------------------------------
remarks: peering requests: [email protected]
remarks: ------------------------------------------------------------------------
remarks: http://www.rostelecom.ru/, looking-glass http://lg.ip.rt.ru/
remarks: ------------------------------------------------------------------------
nic-hdl: RTNC-RIPE
mnt-by: ROSTELECOM-MNT
created: 2007-11-27T13:28:11Z
last-modified: 2022-12-12T07:46:18Z
source: RIPE # Filtered

route: 2.60.0.0/14
descr: JSC Rostelecom regional branch "Siberia"
origin: AS12389
mnt-by: ROSTELECOM-MNT
created: 2018-09-20T12:45:26Z
last-modified: 2018-09-20T12:45:26Z
source: RIPE # Filtered

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 23 threat reports