IOC Radar
IP · Medium · Signal 52/100

95.188.72.234

Location: Russian Federation, Krasnoyarsk, KYA
ASN: AS12389 (OJSC Rostelecom)
First Seen: Nov 27, 2023 (940d ago)
Last Seen: Apr 9, 2026 (76d ago)
Reports: 14 source reports
Confidence: 52% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 52%
Signal Score: 52 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

48 techniques

Network Information

Country: RU, Russian Federation
Region: Krasnoyarsk, KYA
ASN: AS12389
Organization: OJSC Rostelecom

Feed Intelligence Summary

Source reports: 14
Confidence score: 52%
Category tags
abuse, access control, active scan, active scanning, asia, attack, back orifice, bad reputation, bad web bot, botnet, botnet activity, botnet activity detected, botnet_activity, brute force, brute force attack, brute_force, c2 communication, china, command & control, command and control, communication protocol, compromised credentials, compromised hosts, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential_stuffing, cta, d-link devices, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attacks, ddwrt, decoy system, denial of service, dionaea honeypot, distributed attacks, europe, europe/asia, exploit, exploitation activity, exploited host, finland, france, ftp brute force, germany, gpon routers, hacking, hnap, honeynet connect, honeytrap honeypot, http brute force, identity & access exploitation, india, indicator, infrastructure acquisitionreconnaissance, initial access, injection activity, injection attacks, internet of things, intrusion detection, iot botnet, iot security, iot/ics attack, lamp, lateral movement, legacy_protocol_attack, login, login attempt, malicious activity, malicious software, malware, malware behaviour, malware capture, malware distribution, manual, mirai botnet, network, network attacks, network intrusion, network scanning, network security, network_reconnaissance, north america, password attack, password attacks, phishing, phishing attack, poland, process injection, protocol exploitation, ransomware, rat, rce, reconnaissance, remote_access, researched, resource development, ru, russia, russian federation, scan, scanner, scanning activity, security policy, sftp attack, smtp brute force, soap, social engineering, socradar honeypot, sora botnet, spam, ssh attack, ssh monitoring, t1005, t1018, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1068, t1071, t1071.001, t1078, t1078.004, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1195.002, t1203, t1204.002, t1486, t1496, t1497.001, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1573, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, tcp scan, tcp/23, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpotce, udp scan, unauthorized access attempt, unauthorized_login, united states, vulnerability, vulnerability scan, web application attack, web exploitation, zgrab

Activity Timeline

1 total obs · Apr 9

Threat Activity Heatmap

Peak: 2026-04-09
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 14
First seen: Nov 27, 2023
Last seen: Apr 9, 2026
Geolocation: RU
Country: Russian Federation
Location: Krasnoyarsk, KYA
ASN: AS12389
Org: OJSC Rostelecom
Coords: 56.0133, 92.7885

VirusTotal

Not checked

WHOIS

description
2025-04-20T13:30:57.793Z Honeypot : Cowrie : Source: 95.188.72.234 Data: New connection: 95.188.72.234:36976 (172.29.0.2:23) [session: 03916346300c]
raw
inetnum: 95.188.64.0 - 95.188.95.255
netname: WEBSTREAM
descr: OJSC "Rostelecom"
remarks: Krasnoyarsk branch of old OJSC "Sibirtelecom"
remarks: broadband service
country: RU
remarks:
remarks: NCC#2009095163
remarks: INFRA AW
remarks:
admin-c: HKST1-RIPE
tech-c: HKST1-RIPE
mnt-by: NSOELSV-NCC
mnt-lower: NSOELSV-NCC
mnt-lower: AS5573-MNT
mnt-domains: AS5573-MNT
mnt-domains: NSOELSV-NCC
mnt-routes: AS5573-MNT
mnt-routes: NSOELSV-NCC
status: ASSIGNED PA
remarks:
remarks: Direct reference for the general info on spam
remarks: In unsoluble cases for the general info on spam,
remarks: abusing & hacking complaints email [email protected]
remarks:
created: 2009-09-28T10:41:52Z
last-modified: 2013-12-18T08:50:07Z
source: RIPE # Filtered

person: Hostmaster KRASNET
address: KRASNET Regional Telecommunications Network
address: 80, Karl Marks str.
address: 660049 Krasnoyarsk
address: Russia
phone: +7 3912 660607
fax-no: +7 3912 661465
nic-hdl: HKST1-RIPE
mnt-by: AS5573-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2004-12-20T03:43:45Z
source: RIPE # Filtered

route: 95.188.0.0/17
descr: Rostelecom networks
origin: AS12389
mnt-by: ROSTELECOM-MNT
created: 2018-10-31T11:47:28Z
last-modified: 2018-10-31T11:47:28Z
source: RIPE # Filtered
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7313575112698408960-XC9S?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
