IOC Radar
IP · Medium · Signal 73/100

92.63.197.92

Location
Netherlands
Amsterdam, North Holland
ASN
AS211736
Korotkij Denis Aleksandrovich
First Seen
Jul 10, 2023
Last Seen
May 19, 2026
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

62 techniques

Network Information

Country: NL, Netherlands
Region: Amsterdam, North Holland
ASN: AS211736
Organization: Korotkij Denis Aleksandrovich

IP Category

VPN
VPN exit node

Feed Intelligence Summary

16 source reports · 73% confidence score
Category tags

Activity Timeline

1 total obs
May 19

Threat Activity Heatmap

Peak: 2026-05-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 73
Confidence: 73%
Reports: 16
First seen: Jul 10, 2023
Last seen: May 19, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS211736
Org: Korotkij Denis Aleksandrovich
Coords: 55.7386, 37.6068
VPN

VirusTotal

Not checked

WHOIS

description
Scanner activity detected (1 attack attempts , 2 interactions)
raw
inetnum: 92.63.197.0 - 92.63.197.255
netname: IP-Korotkov
country: NL
admin-c: KDA110-RIPE
org: ORG-KDA20-RIPE
tech-c: KDA110-RIPE
status: ASSIGNED PA
mnt-by: ru-ip84-1-mnt
created: 2016-06-22T07:08:29Z
last-modified: 2024-04-02T14:34:39Z
source: RIPE

organisation: ORG-KDA20-RIPE
org-name: Korotkij Denis Aleksandrovich
org-type: OTHER
address: Respublika Belarus, 247070, Gomel'skaya oblast', Dobrushskij rajon, gp. Terekhovka, ul. Vokzal'naya, d. 9
abuse-c: ACRO38680-RIPE
mnt-ref: mnt-ru-ipdenisova-1
mnt-by: mnt-ru-ipdenisova-1
created: 2021-01-28T12:51:50Z
last-modified: 2023-04-14T11:35:14Z
source: RIPE # Filtered

person: Korotkij Denis Aleksandrovich
address: Respublika Belarus, 247070, Gomel'skaya oblast', Dobrushskij rajon, gp. Terekhovka, ul. Vokzal'naya, d. 9
phone: +380975230067
nic-hdl: KDA110-RIPE
mnt-by: mnt-ru-ipdenisova-1
created: 2021-01-28T12:59:30Z
last-modified: 2021-01-28T12:59:30Z
source: RIPE

route: 92.63.197.0/24
origin: AS211736
mnt-by: ru-ip84-1-mnt
created: 2025-06-14T11:54:20Z
last-modified: 2025-06-14T11:54:20Z
source: RIPE
references
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-14/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-13/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-12/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-11/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-09/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-08/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-06/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-05/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-02/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-31/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-30/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-29/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-28/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-27/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-26/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-25/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-22/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-21/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-18/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-17/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-16/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-15/

IOC Journey

medium
First detected 2 years ago · Last seen 25 days ago
Appeared in 16 threat reports