IOC Radar
IP · Medium · Signal 42/100

95.167.53.6

Location: Russian Federation, Smolensk, SVE
ASN: AS12389 (Rostelecom)
First Seen: Sep 3, 2024 (647d ago)
Last Seen: Mar 30, 2026 (75d ago)
Reports: 12 source reports
Confidence: 42% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 42%
Signal Score: 42 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

47 techniques

Network Information

Country: RU, Russian Federation
Region: Smolensk, SVE
ASN: AS12389
Organization: Rostelecom

Feed Intelligence Summary

Source reports: 12
Confidence score: 42%
Category tags
abuse, access control, active scan, active scanning, attack, bad reputation, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, c&c communication, c2 communication, command & control, command and control, communication protocol, compromised host, compromised hosts, compromised systems, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, ddos, ddos attacks, decoy system, distributed attacks, europe/asia, exploit attempts, exploit kit activity, exploitation activity, identity & access exploitation, indicator, infrastructure acquisitionreconnaissance, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, malicious activity, malicious network activity, malicious software, malware, malware distribution, manual, mirai botnet, network, network attacks, network intrusion, network probing, network scanning, network security, network service scanning, password attacks, phishing, phishing attack, phishing bot, potential ddos attack, process injection, protocol exploitation, ransomware, reconnaissance, researched, ru, russia, russian federation, scan, scanner, security policy, service scan, sftp attack, social engineering, socradar honeypot, spam, spam bot, ssh attack, ssh monitoring, t1003, t1005, t1016, t1021, t1021.002, t1040, t1041, t1046, t1055, t1056.001, t1059, t1059.001, t1071, t1071.001, t1078, t1083, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1190, t1199, t1204, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telnet threat, threat actor, threat intelligence, threat prevention, tor node, unauthorized access

Activity Timeline

1 total obs (Mar 30)

Threat Activity Heatmap

Peak: 2026-03-30
[Heatmap: weekly activity by month, Jun through Jun]

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents a significant and immediate threat to organizational security, evidenced by its high threat score of 41.55. Its presence suggests potential involvement in reconnaissance, unauthorized access attempts, and potentially disruptive or financially motivated activities. If this IOC is detected communicating with internal systems, it could indicate an ongoing compromise, leading to severe consequences such as data exfiltration, system unavailability, or the…

Threat Score: Medium Risk
Signal Score: 42
Confidence: 42%
Reports: 12
First seen: Sep 3, 2024
Last seen: Mar 30, 2026
Geolocation: RU
Country: Russian Federation
Location: Smolensk, SVE
ASN: AS12389
Org: Rostelecom
Coords: 58.0428, 60.5574

VirusTotal

Not checked

WHOIS

raw
inetnum: 95.167.0.0 - 95.167.255.255
netname: RU-RTK-20090723
country: RU
org: ORG-JR8-RIPE
admin-c: PRTT1-RIPE
tech-c: RTNC-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: ROSTELECOM-MNT
mnt-lower: ROSTELECOM-MNT
mnt-domains: ROSTELECOM-MNT
mnt-routes: ROSTELECOM-MNT
created: 2009-07-23T11:56:54Z
last-modified: 2024-06-11T09:23:56Z
source: RIPE # Filtered

organisation: ORG-JR8-RIPE
org-name: PJSC Rostelecom
country: RU
org-type: LIR
address: 14 A, Sinopskaya nabereznaya
address: 191167
address: S.Peterburg
address: RUSSIAN FEDERATION
phone: +7 499 999-82-83
fax-no: +74999953619
admin-c: RTNC-RIPE
admin-c: IE1277-RIPE
admin-c: NM7547-RIPE
admin-c: AA728-RIPE
abuse-c: RTNC-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: ROSTELECOM-MNT
mnt-ref: ROSNIIROS-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: ROSTELECOM-MNT
created: 2005-03-22T11:11:20Z
last-modified: 2025-07-29T09:49:41Z
source: RIPE # Filtered

role: PJSC Rostelecom Technical Team
address: PJSC Rostelecom Russian Federation
nic-hdl: PRTT1-RIPE
mnt-by: ROSTELECOM-MNT
created: 2024-05-20T01:54:00Z
last-modified: 2024-05-20T01:54:00Z
source: RIPE # Filtered

role: PJSC Rostelecom Technical Team
address: PJSC Rostelecom
address: Russian Federation
abuse-mailbox: [email protected]
admin-c: IE1277-RIPE
tech-c: IE1277-RIPE
remarks: trouble: ---------------------------------------------------------------
remarks: trouble: Rostelecom NOC is available 24 x 7
remarks: trouble: e-mail [email protected]
remarks: trouble: ---------------------------------------------------------------
remarks: ------------------------------------------------------------------------
remarks: peering requests: [email protected]
remarks: ------------------------------------------------------------------------
remarks: http://www.rostelecom.ru/, looking-glass http://lg.ip.rt.ru/
remarks: ------------------------------------------------------------------------
nic-hdl: RTNC-RIPE
mnt-by: ROSTELECOM-MNT
created: 2007-11-27T13:28:11Z
last-modified: 2022-12-12T07:46:18Z
source: RIPE # Filtered

route: 95.167.0.0/16
descr: ROSTELECOM NETS
origin: AS12389
mnt-by: ROSTELECOM-MNT
created: 2009-07-29T11:30:01Z
last-modified: 2018-09-03T10:26:43Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 12 threat reports