IOC Radar
IP · Medium · Signal 34/100

146.70.52.218

Location: Russian Federation (Moscow, Moskva)
ASN: AS9009 (M247 Ltd Moscow)
First Seen: Jan 12, 2022 (1614d ago)
Last Seen: May 7, 2026 (38d ago)
Reports: 21 source reports
Confidence: 34% (medium)
VirusTotal: 1/91 detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 34%
Signal Score: 34 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 53 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Moskva
ASN: AS9009
Organization: M247 Ltd Moscow

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 21
Confidence score: 34%

Category tags:
abuse, access attempt, access control, account access, account discovery, account profiling, account takeover, active scan, active scanning, application access, attack, attack campaign, authentication, authentication abuse, authentication attack, authentication attempt, authentication attempts, authentication brute force, authentication bypass, authentication failure, automated attack, automated brute force, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, brute-force, bruteforce, command and control, communication protocol, compromise attempt, compromised credentials, credential access, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, credential theft attempt, cyber security, data exfiltration, data store exposure, ddos, ddos attack, decoy system, defense, distributed attacks, europe, europe/asia, exploitation activity, external remote services, failed authentication, failed login, finland, france, ftp brute force, germany, hacking, honeynet connect, http brute force, identity & access exploitation, information technology, initial access, injection activity, ioc, it infrastructure, lateral movement, log analysis, login, login attack, login attempt, login attempts, login brute force, login brute-force, login bruting, login credentials, login failure, malicious activity, malicious software, malware, network, network access, network attacks, network device, network enumeration, network exploitation, network intrusion, network intrusion attempt, network intrusion detection, network login, network login attempt, network perimeter, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network security monitoring, network service exploitation, network service scanning, network sniffing, network traffic, network traffic analysis, network-based attack, nextray, north america, password attack, password attacks, password cracking, phishing, phishing attack, ping of death, poland, process injection, protocol exploitation, proxy, reconnaissance, remote access, remote access abuse, remote access attempt, remote access service, remote service, remote services, researched, ru, russia, russian federation, scanner, scanning activity, se, security operations, service scan, single ip, single ip attack, single ip source, single source, single source ip, smb brute force, smtp brute force, social engineering, software development, ssh, ssh attack, ssh service, sweden, system access, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat intelligence, tor node, udp scan, unauthorized access, unauthorized access attempt, unauthorized login, united states, united states ip, united states source, us /32, us based attacker, us based attackers, us ip address, us ip source, us source, us source ip, usa ip address, user discovery, user enumeration, valid accounts, vpn, vulnerability scan

MITRE ATT&CK technique tags:
t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071.001, t1076, t1078, t1078.001, t1078.003, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1486, t1496, t1499.002, t1499.003, t1550, t1550.002, t1555, t1555.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1567, t1588, t1588.002, t1588.004, t1589, t1589.002, t1592, t1595, t1595.001, t1595.002, t1595.003

Activity Timeline

1 total obs (May 7)

Threat Activity Heatmap

Peak: 2026-05-07

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 34
Confidence: 34%
Reports: 21
First seen: Jan 12, 2022
Last seen: May 7, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moskva
ASN: AS9009
Org: M247 Ltd Moscow
Coords: 55.7483, 37.6171
IP Category: VPN

VirusTotal

1/91 vendors flagged
1% detection rate (Jun 9, 2026)

WHOIS

description: SSH bruteforce client IP

raw:

inetnum: 146.70.52.0 - 146.70.52.255
netname: M247-Moscow
descr: M247 Moscow Infrastructure
country: RU
org: ORG-MLM15-RIPE
geoloc: 55.79014 37.46673
admin-c: GBXS-RIPE
tech-c: GBXS-RIPE
status: LEGACY
mnt-by: GLOBALAXS-MNT
remarks: ----------------------- LEGAL CONCERNS ----------------
remarks: For any legal requests, please send an email to
remarks: [email protected] for a maximum 48hours response.
remarks: ----------------------- LEGAL CONCERNS ----------------
created: 2021-06-11T11:09:20Z
last-modified: 2021-06-11T11:09:20Z
source: RIPE

organisation: ORG-MLM15-RIPE
org-name: M247 Ltd Moscow
org-type: OTHER
address: Moscow, Russia
abuse-c: AR38608-RIPE
mnt-ref: GLOBALAXS-MNT
mnt-by: GLOBALAXS-MNT
created: 2020-08-05T10:34:55Z
last-modified: 2024-05-16T14:14:14Z
source: RIPE # Filtered

role: GLOBALAXS NOC
remarks: M247 - Network Management Centre
address: 1 Ball Green, Cobra Court
address: M32 0QT, Manchester - United Kingdom
tech-c: JB3482-RIPE
tech-c: CB2407-RIPE
nic-hdl: GBXS-RIPE
abuse-mailbox: [email protected]
mnt-by: GLOBALAXS-MNT
created: 2006-07-13T15:37:05Z
last-modified: 2018-09-10T17:32:45Z
source: RIPE # Filtered

route: 146.70.52.0/24
descr: M247 Europe
origin: AS9009
mnt-by: GLOBALAXS-MNT
created: 2021-05-14T09:47:51Z
last-modified: 2021-05-14T09:47:51Z
source: RIPE

IOC Journey

medium
First detected 4 years ago · Last seen 1 month ago
Appeared in 21 threat reports