IOC Radar
IP · Medium · Signal 100/100

78.29.9.229

Location: Chelyabinsk, Chelyabinsk Oblast, Russia
ASN: AS8369 (Intersvyaz-2 JSC)
First Seen: Dec 2, 2024 (559d ago)
Last Seen: Feb 5, 2026 (129d ago)
Reports: 12 source reports
Confidence: 99% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 47 techniques

Network Information

Country: RU (Russia)
Region: Chelyabinsk, Chelyabinsk Oblast
ASN: AS8369
Organization: Intersvyaz-2 JSC

Feed Intelligence Summary

Source reports: 12
Confidence score: 99%

Activity Timeline

1 total obs (Feb 5)

Threat Activity Heatmap

Peak: 2026-02-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 100
Geolocation: RU
Coords: 55.1957, 61.3384

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://jamesbrine.com.au/vultrwarsaw-telnet-bruteforce-ip-list-2025-08-09/, https://jamesbrine.com.au, https://raw.githubusercontent.com/Gi7w0rm/Blogposts/main/7777Botnet/BotnetIPs/ips_xlogin_22_07_2024.txt

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 12 threat reports