IOC Radar
IP · Medium · Signal 70/100

82.97.252.151

Location: Russian Federation (St Petersburg, St.-Petersburg)
ASN: AS9123 (Timeweb, LLP)
First Seen: Apr 16, 2026 (57d ago)
Last Seen: May 30, 2026 (14d ago)
Reports: 10 source reports
Confidence: 70% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

1 technique

Network Information

Country: RU (Russian Federation)
Region: St Petersburg, St.-Petersburg
ASN: AS9123
Organization: Timeweb, LLP

Feed Intelligence Summary

Source reports: 10
Confidence score: 70%
Category tags: active scan, apt, australia, brute force, brute-force, europe/asia, exploit, exploitation activity, indicator, network, oceania, researched, ru, russia, scanner, ssh, ssh attack, t1110, threat actor, tor node, tpot, vulnerability scan, vulnerability-exploitation, web app attack

Activity Timeline

1 total observation: May 30

Threat Activity Heatmap

[Heatmap: activity by week, Jun through Jun. Peak: 2026-05-30]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 70
Confidence: 70%
Reports: 10
First seen: Apr 16, 2026
Last seen: May 30, 2026
Geolocation: RU
Country: Russian Federation
Location: St Petersburg, St.-Petersburg
ASN: AS9123
Org: Timeweb, LLP
Coords: 59.9311, 30.3609

VirusTotal

Not checked

WHOIS

description
Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 82.97.252.151 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 24 times when connecting to db1lapetro between 2026-04-17 08:28 and 2026-04-17 09:00 UTC.
raw
inetnum: 82.97.252.0 - 82.97.252.255
netname: TIMEWEB
org: ORG-TL861-RIPE
country: RU
geofeed: https://geofeed.timeweb.net/geofeed.csv
admin-c: TRA62-RIPE
tech-c: TRA62-RIPE
mnt-routes: TIMEWEB-MNT
mnt-routes: network-kz-1-mnt
mnt-domains: TIMEWEB-MNT
status: ASSIGNED PA
mnt-by: network-kz-1-mnt
created: 2023-11-23T15:04:16Z
last-modified: 2023-11-23T16:01:48Z
source: RIPE

organisation: ORG-TL861-RIPE
org-name: Timeweb, LLP
country: KZ
org-type: LIR
address: Bostandyk district, Auezov Street, 175, n.p. 9A
address: 050057
address: Almaty
address: KAZAKHSTAN
phone: +79110203209
admin-c: TRA62-RIPE
tech-c: TRA62-RIPE
abuse-c: AR70119-RIPE
mnt-ref: lir-kz-timewebcloud-1-MNT
mnt-ref: network-kz-1-mnt
mnt-ref: TIMEWEB-MNT
mnt-ref: MNT-TEVIA
mnt-ref: RU-NTK-MNT
mnt-ref: SFT-MNT
mnt-ref: SVT-RIPE-MNT
mnt-ref: DELFA-RIPE-MNT
mnt-ref: cicnet-mnt
mnt-ref: AM-VDS
mnt-ref: ru-permtelecom-1-mnt
mnt-ref: Cyber-MNT
mnt-ref: lir-gr-geniusmind-1-MNT
mnt-ref: chapar-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-kz-timewebcloud-1-MNT
created: 2023-03-31T07:51:51Z
last-modified: 2025-09-04T14:43:02Z
source: RIPE # Filtered

role: Timewebcloud Role Account
address: KAZAKHSTAN
address: Almaty
address: 050057
address: Bostandyk district, Auezov Street, 175, n.p. 9A
phone: +79110203209
nic-hdl: TRA62-RIPE
mnt-by: lir-kz-timewebcloud-1-MNT
created: 2023-03-31T07:51:49Z
last-modified: 2023-03-31T07:51:50Z
source: RIPE # Filtered

route: 82.97.252.0/24
origin: AS9123
mnt-by: network-kz-1-mnt
mnt-by: TIMEWEB-MNT
created: 2023-11-23T15:45:23Z
last-modified: 2023-11-23T15:45:34Z
source: RIPE

IOC Journey

medium
First detected 1 month ago · Last seen 14 days ago
Appeared in 10 threat reports