IOC Radar
IP · Medium · Signal 94/100

154.205.157.23

Location
United States
Minkler, CA
ASN
AS138915
Lightnode Limited
First Seen
Feb 11, 2025
Last Seen
Feb 12, 2026
Feb 11
First Seen
487d ago
Feb 12
Last Seen
121d ago
12
Reports
source reports
94%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

Country: US, United States
Region: Minkler, CA
ASN: AS138915
Organization: Lightnode Limited

Feed Intelligence Summary

12 reports · 94% confidence
12
Source reports
94%
Confidence score
Category tags
abuse, adversary simulation tool, agent tesla, akamai, alibaba, android, api contact, apt, asia, attack, beacon, beaconing activity, botnet, c2, c2 communication, c2 framework, china, cobalt, cobalt strike, cobaltstrike, command and control, compromised system, config, credential harvesting, cta, data encryption, data exfiltration, distributed attacks, e-commerce, europe, extortion, feed, find, fraud, global, huawei, indicator, indicators of compromise, information technology, infrastructure acquisitionreconnaissance, ioc, iocs, iot, jquery, lateral movement, lateral movement techniques, linkedin page, malicious activity, malicious software, malware, malware distribution, manual, media & entertainment, nanocore rat, network, network traffic analysis, north america, payload delivery, payload deployment, payload generation, penetration testing tool, phishing, phishing attack, php, post-exploitation, post-exploitation activities, post-exploitation activity, process injection, protect, ransomware, ransomware feed, remote access trojan, researched, security operations, sentinel misp, server, slug, social engineering, strong, surface web, system disruption, t1003, t1005, t1016, t1018, t1021, t1027, t1041, t1047, t1049, t1053, t1055, t1059, t1059.001, t1068, t1071, t1071.001, t1078, t1083, t1090, t1090.001, t1095, t1105, t1129, t1134, t1190, t1210, t1486, t1490, t1496, t1499.002, t1499.003, t1543, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1569.002, t1573, t1573.001, t1574, t1587.001, t1590.001, telecommunication, threat actor, threat feed, threat intelligence, united states, unix, us, vietnam

Activity Timeline

1 total obs
Feb 12

Threat Activity Heatmap

· Peak: 2026-02-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 94
Confidence: 94%
Reports: 12
First seen: Feb 11, 2025
Last seen: Feb 12, 2026
Geolocation: US
Country: United States
Location: Minkler, CA
ASN: AS138915
Org: Lightnode Limited
Coords: 34.0544, -118.2440

VirusTotal

Not checked

WHOIS

description
PrecisionSec is the world's leading cyber-security company and provides a comprehensive service of threat intelligence, including Cobalt Strike, FortiGate Firewall and Microsoft Sentinel, along with other products.
raw
NetRange: 154.0.0.0 - 154.255.255.255
CIDR: 154.0.0.0/8
NetName: NET154
NetHandle: NET-154-0-0-0-0
Parent: ()
NetType: Allocated to AfriNIC
OriginAS:
Organization: African Network Information Center (AFRINIC)
RegDate: 1993-05-01
Updated: 2010-11-09
Ref: https://rdap.arin.net/registry/ip/154.0.0.0
ResourceLink: http://afrinic.net/en/services/whois-query
ResourceLink: whois.afrinic.net
OrgName: African Network Information Center
OrgId: AFRINIC
Address: Level 11ABC
Address: Raffles Tower
Address: Lot 19, Cybercity
City: Ebene
StateProv:
PostalCode:
Country: MU
RegDate: 2004-05-17
Updated: 2015-05-04
Comment: AfriNIC - http://www.afrinic.net
Comment: The African & Indian Ocean Internet Registry
Ref: https://rdap.arin.net/registry/entity/AFRINIC
ReferralServer: whois://whois.afrinic.net
ResourceLink: http://afrinic.net/en/services/whois-query
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GENER11-ARIN
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/GENER11-ARIN
references
https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/, https://threatfox.abuse.ch/export/csv/recent/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 12 threat reports