IOC Radar
IPMediumSignal 80/100

178.16.52.101

Location
GermanyGermany
Frankfurt am Main, Hesse
ASN
AS202412
Omegatech LTD
First Seen
Nov 10, 2025
Last Seen
Jun 10, 2026
Nov 10
First Seen
222d ago
Jun 10
Last Seen
11d ago
15
Reports
source reports
80%
Confidence
medium
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

85 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Hesse
ASNAS202412
OrganizationOmegatech LTD

Feed Intelligence Summary

15 reports80% confidence
15
Source reports
80%
Confidence score
Category tags
abuseabusech-threatfox-c2caccess controlactive scanactive scanningaptattackaustraliabad reputationbase64+xor 0x82bitcoinblockchainbotnetbotnet activitybotnet activity detectedbotnet activity detectionbotnet indicatorsbotswanabrute forcebrute force attackbrute force attacksbrute force attemptsc&c communicationc2c2 communicationcertcommand & controlcommand and controlcommand injectioncommodity contracts intermediationcommunication protocolcompromised hostcompromised hostscompromised systemcompromised systemscowriecowrie honeypotcowrie ssh honeypotcredential accesscredential attackcredential stuffingcredential theftcrypto exchangecrypto miningcrypto walletcryptocurrencydata encryptiondata exfiltrationdata store exposuredatabase securityddosddos activityddos botnetdedecentralized financedecoy systemdenial of servicedigital currencydionaeadionaea honeypotdistributed attacksdnsdns attackdungeonteamencryptioneuropeeurope/asiaexploitexploit attemptsexploitation activityexploitation attemptexploited hostfake-bitwardenfattftpgermanyhackinghoneytrap honeypothttp scanneridentity & access exploitationindicatorinitial accessinjection activityinjection attacksinternet-facingiociot securityiot targetedlamplamp server attacklateral movementloadermacosmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionmalware indicatorsnetworknetwork attacksnetwork intrusion attemptsnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork trafficoceaniap0fpassword attackpassword attacksphishingphishing attackphishing campaignphishing trapprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingsame-origin-c2scams & fraudscannerscanning activitysecurity policysensor-taggedsentrypeer botnetserver exploitationsftpsftp attacksmtpspamspam botnetspam campaignsspam sendingsql injectionsshssh attackssh monitoringt-pott1003t1003.001t1003.002t1003.003t1003.004t1003.005t1003.006t1003.007t1003.008t1005t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1021.008t1027t1036t1040t1041t1046t1047t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.006t1070t1070.001t1070.002t1070.003t1071t1071.001t1071.004t1077t1078t1078.002t1078.003t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1195t1203t1486t1496t1497t1499.001t1499.002t1499.003t1505.002t1555t1555.001t1555.002t1555.003t1555.004t1555.005t1555.006t1565t1566t1566.001t1566.002t1566.003t1566.004t1568t1568.002t1571t1573t1573.001t1573.002t1595t1595.001t1595.002t1595.003t1614tannertargeting databasetcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottraffic anomalyturkeyunauthorized accessunauthorized loginurlsvnc protocolvoipvoip attackvulnerability scanweb application attackweb exploitationweb traffic

Activity Timeline

1 total obs
Jun 10Jun 10

Threat Activity Heatmap

· Peak: 2026-06-10
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
80
SIGNAL
Signal Score
80%
Confidence
15
Reports
First seenNov 10, 2025
Last seenJun 10, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Hesse
ASNAS202412
OrgOmegatech LTD
Coords50.1567, 8.7681

VirusTotal

Not checked

WHOIS

description
CC=DE ASN=AS40999 dus.net gmbh
raw
inetnum: 178.16.52.0 - 178.16.52.255 netname: OMEGATECH country: DE geofeed: https://omegatech.sc/geofeed.csv descr: OMEGATECH org: ORG-OL329-RIPE abuse-c: CA12141-RIPE admin-c: CA12141-RIPE tech-c: CA12141-RIPE mnt-domains: omegatechsc-mnt mnt-lower: omegatechsc-mnt mnt-routes: omegatechsc-mnt status: ASSIGNED PA mnt-by: lir-tr-mgn-1-MNT created: 2025-08-19T16:04:10Z last-modified: 2026-01-21T12:56:06Z source: RIPE organisation: ORG-OL329-RIPE org-name: Omegatech LTD org-type: OTHER address: HOUSE OF FRANCIS ROOM 303, ILE DU PORT, MAHE, SEYCHELLES country: SC abuse-c: CA12141-RIPE mnt-ref: omegatechsc-mnt mnt-ref: lir-tr-mgn-1-MNT created: 2026-01-05T00:10:50Z last-modified: 2026-01-21T12:55:02Z source: RIPE # Filtered mnt-by: omegatechsc-mnt role: Abuse Contact address: [email protected] nic-hdl: CA12141-RIPE abuse-mailbox: [email protected] mnt-by: omegatechsc-mnt created: 2026-01-05T00:09:14Z last-modified: 2026-01-21T12:42:42Z source: RIPE # Filtered route: 178.16.52.0/24 origin: AS202412 created: 2026-01-21T12:34:39Z last-modified: 2026-01-21T12:34:39Z source: RIPE mnt-by: lir-tr-mgn-1-MNT
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 7 months ago · Last seen 11 days ago
Appeared in 15 threat reports