IOC Radar
IPMediumSignal 39/100

178.20.210.135

Location
KazakhstanKazakhstan
Būlaevo, Kowloon City
ASN
AS210006
Shereverov network
First Seen
Sep 4, 2020
Last Seen
Jun 4, 2026
Sep 4
First Seen
2117d ago
Jun 4
Last Seen
18d ago
23
Reports
source reports
39%
Confidence
medium
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

48 techniques

Network Information

CountryKZKazakhstan
RegionBūlaevo, Kowloon City
ASNAS210006
OrganizationShereverov network

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

23 reports39% confidence
23
Source reports
39%
Confidence score
Category tags
abuseaccess controlaccount compromiseaccount securityactive scanactive scanningadministrative accessaerospace & defenseaptasiaattackaustraliaauthentication abuseauthentication attacksautomated attackautomated attacksbad reputationbad web botbankingblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcec2 communicationcisco devicecisco exploitation attemptcisco exploitation attemptscommand & controlcommand and controlcommunication protocolcommunication technologiesconsumer goodscowrie datacowrie honeypotcowrie interactionscredential accesscredential stuffingcredential theftcredit card servicesdata exfiltrationdata store exposuredatabase securityddosddos attackddos attacksdedecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdionaea honeypotdionaea interactionsdionaea payloadsdistributed attacksenterprise networkingeuropeexploitexploit attemptsexploitation activityexploited hostexport-to-otxfail2ban alertsfattfatt detectionsfatt signaturesfinancefinancial servicesfinancial technologyfinlandfraudfraudulent activityftpftp brute forceftp brute-forcegermanyhackinghoneypot 24h activityhoneytrap eventshoneytrap honeypothoneytrap interactionshong konghttp brute forcehttp probinghttp scanneridentity & access exploitationindicatorinformation technologyinitial accessinjection activityinjection attacksinternet of thingsintrusion detectioniot botnetiot securityiot/ics attackipqsit infrastructurekazakhstanlateral movementlogin attacklogin attackslogin attemptmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious ip addressesmalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware distributionmediamilitary operationsmirai botnetmispmobile carriersmobile networksnational securitynetworknetwork attacksnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningoceaniaopenctioperating systemoperating system securityp0fp0f signaturespassword attackpassword attackspayment processingphishingphishing attackphishing trappossible brute forcepotential vulnerability scanprivilege escalationprocess injectionprotocol exploitationproxyproxy detectionransomwarerdp exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingretail tradescams & fraudscanscannerscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice scansftp attacksip brute forcesip scanningsipvicious scansmtpsmtp probingsocial engineeringsocradar honeypotsoftware developmentspamspammingsql injectionsshssh attackssh bruteforcessh exploitationssh monitoringssh scanningsuricata alertssuspected botnett1003t1021t1021.001t1021.004t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.007t1069.001t1071t1071.001t1076t1078t1078.004t1088t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1195t1203t1486t1496t1497t1499.001t1499.002t1499.003t1505.002t1555t1563t1565t1566t1567.001t1588.004t1589t1595t1595.001t1595.002t1595.003tannertanner eventstanner interactionstargeting databasetcp protocoltelecom servicestelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor detectiontor nodetpotunited kingdomvnc protocolvoipvoip attackvpnvpn detectionvulnerability scanwealth managementweb application attackweb attackweb attacksweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
39
SIGNAL
Signal Score
39%
Confidence
23
Reports
First seenSep 4, 2020
Last seenJun 4, 2026
GeolocationKZ
CountryKazakhstan
LocationBūlaevo, Kowloon City
ASNAS210006
OrgShereverov network
Coords22.3015, 114.1760
ProxyVPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 178.20.210.0 - 178.20.210.255 netname: Shereverov-network country: KZ abuse-c: AA45056-RIPE admin-c: AA45055-RIPE tech-c: AA45055-RIPE status: ASSIGNED PA mnt-by: JD-RIPE-MNT mnt-by: Sher-MNT mnt-domains: JD-RIPE-MNT mnt-domains: Sher-MNT mnt-routes: JD-RIPE-MNT mnt-routes: Sher-MNT created: 2021-04-27T12:17:39Z last-modified: 2025-10-17T07:04:43Z source: RIPE role: admin-c address: Kazakhstan, 150800, Bulaevo st.Budennogo h.139 (PKA020134563335465) nic-hdl: AA45055-RIPE mnt-by: Sher-MNT created: 2025-05-08T18:54:29Z last-modified: 2025-05-10T13:54:37Z source: RIPE # Filtered route: 178.20.210.0/24 origin: AS210006 mnt-by: JD-RIPE-MNT created: 2025-10-17T06:31:32Z last-modified: 2025-10-17T06:31:32Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 18 days ago
Appeared in 23 threat reports