IOC Radar
IP · Medium · Signal 78/100

159.93.166.214

Location: Russian Federation (Dubna, MOS)
ASN: AS2875 (HEP-CIS)
First Seen: Apr 16, 2026 (57d ago)
Last Seen: May 11, 2026 (33d ago)
Reports: 10 source reports
Confidence: 78% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context
Tags

Network Information

Country: RU (Russian Federation)
Region: Dubna, MOS
ASN: AS2875
Organization: HEP-CIS

Feed Intelligence Summary

Source reports: 10
Confidence score: 78%
Category tags: active scan, apt, brute force, brute force attacker, brute-force, bruteforce, digital ocean, europe/asia, exploitation activity, indicator, network, portscan, researched, ru, russia, scanner, scanners, service scan, ssh, ssh attack, threat actor, tor node, web app attack

Activity Timeline

1 total obs · May 11

Threat Activity Heatmap

Peak: 2026-05-11
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 10
First seen: Apr 16, 2026
Last seen: May 11, 2026
Geolocation: RU
Country: Russian Federation
Location: Dubna, MOS
ASN: AS2875
Org: HEP-CIS
Coords: 56.7430, 37.1858

VirusTotal

Not checked

WHOIS

description: Banned by Fail2Ban [sshd]
raw:
inetnum: 159.93.0.0 - 159.93.255.255
netname: JINR-NET
descr: Joint Institute for Nuclear Research
descr: Fundamental Experimental Physical Research
descr: Dubna, RUSSIA, 141980
country: RU
admin-c: JINR-RIPE
tech-c: JINR-RIPE
status: LEGACY
mnt-by: JINR-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2023-07-27T08:59:55Z
source: RIPE # Filtered

role: JINR Network Operations Center
address: NOC, LIT, 6, Joliot-Curie
address: Dubna, Moscow Region, Russia
address: 141980
phone: +7 49621 63488
fax-no: +7 49621 66824
admin-c: AD2692-RIPE
tech-c: AB35314-RIPE
nic-hdl: JINR-RIPE
mnt-by: JINR-MNT
created: 2005-06-08T20:34:56Z
last-modified: 2025-11-17T11:09:02Z
source: RIPE # Filtered

route: 159.93.0.0/16
descr: HEP-CIS
origin: AS2875
mnt-by: AS2875-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:54Z
source: RIPE
references:
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-16/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-04-16/

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 10 threat reports