IOC Radar
IPMediumSignal 69/100

82.79.28.78

Location
RomaniaRomania
Oradea, TM
ASN
AS8708
RCS & RDS Business
First Seen
Feb 17, 2025
Last Seen
Feb 15, 2026
Feb 17
First Seen
491d ago
Feb 15
Last Seen
128d ago
9
Reports
source reports
69%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

28 techniques

Network Information

CountryRORomania
RegionOradea, TM
ASNAS8708
OrganizationRCS & RDS Business

Feed Intelligence Summary

9 reports69% confidence
9
Source reports
69%
Confidence score
Category tags
abuseactive scanningattackbotnetbrute forcebrute force attackcommand and controlcompromised credentialsconpotconpot honeypotcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdecoy systemdionaeadionaea honeypotdistributed attacksemaileuropeexploit kit activityftp brute forcegithubhoneytrap honeypotics securityindicatorindustrial control systemsiot/ics attacklamplateral movementmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork intrusionnetwork intrusion attemptsnetwork scanningpassword attacksphishingphishing attackphishing trapprocess injectionpythonreconnaissanceresearchedroromaniascannersftpsftp attackslugsocial engineeringsshssh attackssh monitoringsurface webt1021t1041t1046t1053t1055t1059t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.002t1499.003t1555t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertelecommunicationsthreat actorthreat detectionthreat intelligenceunauthorized access attempt

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
69
SIGNAL
Signal Score
69%
Confidence
9
Reports
First seenFeb 17, 2025
Last seenFeb 15, 2026
GeolocationRO
CountryRomania
LocationOradea, TM
ASNAS8708
OrgRCS & RDS Business
Coords45.7485, 21.2274

VirusTotal

Not checked

WHOIS

description
2025-02-17T04:19:58.232Z Honeypot : ConPot : Source: 82.79.28.78 : Port: 50100 Data Type: kamstrup_management_protocol Event Type: NEW_CONNECTION
raw
inetnum: 82.79.28.0 - 82.79.29.255 netname: RO-RCS-RDS descr: RCS & RDS Business descr: City: Oradea remarks: INFRA-AW country: RO admin-c: RDS-RIPE tech-c: RDS-RIPE tech-c: RDS2012-RIPE status: ASSIGNED PA mnt-by: AS8708-MNT mnt-lower: AS8708-MNT created: 2012-11-09T16:04:43Z last-modified: 2023-04-05T18:48:09Z source: RIPE # Filtered role: RCS & RDS NOC address: 71-75 Dr. Staicovici address: Bucharest / ROMANIA phone: +40 21 30 10 888 fax-no: +40 21 30 10 892 abuse-mailbox: [email protected] admin-c: GEPU1-RIPE tech-c: GEPU1-RIPE nic-hdl: RDS-RIPE mnt-by: RDS-MNT remarks: +------------------------------------------------------------+ remarks: | Please use [email protected] for complaints and only after | remarks: | you have tried contacting directly our customers according | remarks: | to the details registered in RIPE database. | remarks: +------------------------------------------------------------+ remarks: | DO NOT CALL, FAX, OR CONTACT US BY ANY OTHER MEANS EXCEPT | remarks: | [email protected] | remarks: +------------------------------------------------------------+ created: 1970-01-01T00:00:00Z last-modified: 2019-08-21T07:16:42Z source: RIPE # Filtered role: RCS RDS address: 71-75 Dr. Staicovici address: Bucharest / ROMANIA phone: +40 21 30 10 888 fax-no: +40 21 30 10 892 abuse-mailbox: [email protected] admin-c: GEPU1-RIPE tech-c: GEPU1-RIPE nic-hdl: RDS2012-RIPE mnt-by: RDS-MNT remarks: +------------------------------------------------------------+ remarks: | Please use [email protected] for complaints and only after | remarks: | you have tried contacting directly our customers according | remarks: | to the details registered in RIPE database. | remarks: +------------------------------------------------------------+ remarks: | DO NOT CALL, FAX, OR CONTACT US BY ANY OTHER MEANS EXCEPT | remarks: | [email protected] | remarks: +------------------------------------------------------------+ created: 2012-01-24T08:33:39Z last-modified: 2013-05-11T03:16:10Z source: RIPE # Filtered route: 82.76.0.0/14 descr: RDSNET origin: AS8708 mnt-by: AS8708-MNT created: 2003-07-14T08:23:35Z last-modified: 2004-09-09T07:36:42Z source: RIPE
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 9 threat reports