IOC Radar
IPMediumSignal 51/100

158.178.224.130

Location
SingaporeSingapore
Singapore, South East
ASN
AS31898
Oracle Corporation
First Seen
Jan 1, 2026
Last Seen
Jun 2, 2026
Jan 1
First Seen
162d ago
Jun 2
Last Seen
11d ago
17
Reports
source reports
51%
Confidence
medium
3/91
VirusTotal
detections
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountrySGSingapore
RegionSingapore, South East
ASNAS31898
OrganizationOracle Corporation

IP Category

Proxy
Proxy server

Feed Intelligence Summary

17 reports51% confidence
17
Source reports
51%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningadbhoney honeypotapacheapache attackeraptasiaattackattacker-ipautomated attack attemptsautomated-attackbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackciscocisco brute forcecisco devicecode-injectioncommunication protocolcompromised credentialsconnected devicesconpotconpot honeypotcowriecowrie capturecowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingcredential-abusedata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaeadionaea capturedionaea honeypotdionaea malware detectionelasticpot honeypotelasticsearch monitoringemailenterprise networkingeuropeexploitation activityexploitation attemptsexploited hostftp brute forcehackinghoneytrap honeypotics securityidentity & access exploitationindicatorindustrial control systemsindustrial iotinjection activityinjection attacksinternet of thingsiot analyticsiot applicationsiot platformsiot securityiot/ics attackipphoney honeypotlamplamp exploit attemptslateral movement attemptmailoney honeypotmalicious activitymalicious payloadmalicious trafficmalwaremalware behaviourmalware capturenetworknetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork scanningnetwork securitynetwork service scanningopen proxyopenctipassword attacksphishingphishing attackphishing trapport-scanningpossible malware infectionproxyransomwarereconnaissanceredis honeypotredishoneypotredishoneypot activityremote servicesresearchedresource hijackingscannerscripting attackssecurity policysentrypeer botnetsentrypeer sip attacksservice scansftpsftp access attemptssftp attacksgsingaporesipsip brute forcesip scanningsip vulnerability scansmart devicessmtp probingsocial engineeringspamsql-injectionsshssh attackssh monitoringt1021t1021.001t1040t1041t1046t1059t1059.003t1059.004t1059.007t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1566.001t1566.002t1566.003t1566.004t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencethreat preventiontor nodeunited kingdomvoidtrapvoipvoip attackvulnerability scanweb app attackweb application attackweb attackweb exploitationweb spamweb-application-attack

Activity Timeline

1 total obs
Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This indicator of compromise (IOC), an IPv4 address, signals a significant and persistent threat requiring immediate attention. With a high threat score of 51.06, this IP address is strongly associated with malicious activities including brute-force attacks, vulnerability exploitation, and attempts at data exfiltration. Its consistent detection across numerous threat intelligence feeds underscores its active role in widespread attack campaigns. The presence of this IOC in network logs or securit…

Threat ScoreMedium Risk
51
SIGNAL
Signal Score
51%
Confidence
17
Reports
First seenJan 1, 2026
Last seenJun 2, 2026
GeolocationSG
CountrySingapore
LocationSingapore, South East
ASNAS31898
OrgOracle Corporation
Coords51.4964, -0.1224
Proxy

VirusTotal

3/ 91vendors flagged
3% detection rateJun 3, 2026

WHOIS

raw
inetnum: 158.0.0.0 - 158.255.255.255 netname: ERX-NETBLOCK descr: Early registration addresses country: AU admin-c: IANA1-AP tech-c: IANA1-AP abuse-c: AA1452-AP status: ALLOCATED PORTABLE remarks: ------------------------------------------------------ remarks: Important: remarks: remarks: Networks in this range were allocated by InterNIC remarks: prior to the formation of Regional Internet remarks: Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. remarks: remarks: Address ranges from this historical space have now remarks: been transferred to the appropriate RIR database.remarks: remarks: If your search has returned this record, it means the remarks: address range is not administered by APNIC. remarks: remarks: Instead, please search one of the following databases: remarks: remarks: - AfriNIC (Africa) remarks: website: http://www.afrinic.net/ remarks: command line: whois.afrinic.net remarks: remarks: - ARIN (Northern America) remarks: website: http://www.arin.net/ remarks: command line: whois.arin.net remarks: remarks: - LACNIC (Latin America and the Carribean) remarks: website: http://www.lacnic.net/ remarks: command line: whois.lacnic.net remarks: remarks: - RIPE NCC (Europe) remarks: website: http://www.ripe.net/ remarks: command line: whois.ripe.net remarks: remarks: For information on the Early Registration Transfer remarks: (ERX) project, see: remarks: remarks: http://www.apnic.net/db/erx remarks: remarks: ------------------------------------------------------ mnt-by: APNIC-HM mnt-lower: APNIC-HM mnt-irt: IRT-APNIC-AP last-modified: 2021-05-18T04:28:10Z source: APNIC irt: IRT-APNIC-AP address: Brisbane, Australia e-mail: [email protected] abuse-mailbox: [email protected] admin-c: HM20-AP tech-c: NO4-AP remarks: APNIC is a Regional Internet Registry. remarks: We do not operate the referring network and remarks: are unable to investigate complaints of network abuse. remarks: For information about IRT, see www.apnic.net/irt remarks: [email protected] was validated on 2020-02-03 auth: # Filtered mnt-by: APNIC-HM last-modified: 2025-11-18T00:26:21Z source: APNIC role: ABUSE APNICAP country: ZZ address: Brisbane, Australia phone: +000000000 e-mail: [email protected] admin-c: HM20-AP tech-c: NO4-AP nic-hdl: AA1452-AP remarks: Generated from irt object IRT-APNIC-AP remarks: [email protected] was validated on 2020-02-03 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-11-28T01:00:58Z source: APNIC role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-AP tech-c: IANA1-AP nic-hdl: IANA1-AP remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: MAINT-APNIC-AP last-modified: 2018-06-22T22:34:30Z source: APNIC
references
https://voidvendor.com/intel, https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 months ago · Last seen 11 days ago
Appeared in 17 threat reports