IP · Medium · Signal 92/100
178.16.55.224
Location
New York, New York
ASN
AS202412
Omegatech LTD
First Seen
Aug 30, 2025
Last Seen
May 4, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: New York, New York
ASN: AS202412
Organization: Omegatech LTD
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
22 reports · 92% confidence
22
Source reports
92%
Confidence score
Category tags
abuseabusech-urlhaus-c2cacademic institutionsaccess controlactive scanactive scanningaerospace & defenseamadeyapacheapache attackerapkaptarmasciiasiaattackauto-colorbackdoorbad reputationbad web botbankerbankingbitcoinaddressblocklist_allbotnetbotnet activitybotnetdomainbrute forcebrute force attackbrute force attemptsbrute-forcebruteforcec2c2 servercensyscertchinacivil servicescobalt strikecobalt-strikecobaltstrikecoinminercommand & controlcommand and controlcommunication technologiescompoodconfigconsumer goodscredential accesscredential harvestingcredential stuffingcredential theftcredit card servicescryptocurrencycryptoscamdarkvisionratdata exfiltrationdata store exposureddosddos attacksdedecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedistributed attacksdistribution managementdropped-by-amadeydropped-by-stealcdropperearth lamiaeducationeducational resourceseducational serviceseducational technologyelectronic health recordselfencodedetherrateuropeeurope/asiaexeexecutable fileexploitation activityexploited hostfinancefinance and insurancefinancial servicesfinancial technologyfraudfraudulent activityfreight forwardinggafgytgermanygovernment technologyguloaderhackinghajimehealth care and social assistancehealth information technologyhealthcare information systemshigher educationhospital managementhuntioidentity & access exploitationindicatorinformation technologyinjection activityinternet of thingsinventory managementiot botnetiot securityiot/ics attackipqsit infrastructurejackpot pandajopajsonk-12 educationkaijilogistics technologym68kmalicious activitymalicious softwaremalwaremalware distributionmediamedical servicesmilitary operationsminocatmipsmiraimirai botnetmobile carriersmobile networksmobile threatmozimozi downloadernation-state activitynational securitynetherlandsnetworknetwork scanningnlnoodle ratnorth americaopendirparaguaypassword attackspatient carepayment processingphishingphishing 
attackpowerpcprcprocess injectionproxyproxy detectionpublic administrationpublic infrastructurepublic policypythonquasarratransomwarercerdprdp exploitationreactreact2shellreconnaissanceredtailregulatory agenciesremote accessremote servicesresearchedretail traderscsaint helena, ascension and tristan da cunhascams & fraudscannerscripting attackssecurity policyself-signedshshell scriptshipping servicessmartloadersocial engineeringsoftware developmentspamspammingsparcsshssh attackssh exploitationsshdkitstealcsuperhsupply chain attacksupply chain managementt1021.001t1027t1055t1059t1059.001t1059.007t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1195t1203t1204t1486t1496t1499.001t1499.002t1499.003t1499.004t1563t1565t1566t1566.001t1566.002t1566.003t1567.001t1569.002t1587.001t1595.001t1595.002t1595.003telecom servicestelecommunicationsthreat actorthreat intelligencethreat preventiontor detectiontor nodetransportation managementturkeyua-wgetunc5174united statesusvidarvpnvpn detectionvshellwarehouse operationswealth managementweb application attackweb attackweb attacksweb exploitationx86xmrigxwormzinfoqzip
Activity Timeline
May 4
Threat Activity Heatmap
Peak: 2026-05-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 92
Confidence: 92%
Reports: 22
First seen: Aug 30, 2025
Last seen: May 4, 2026
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS202412
Org: Omegatech LTD
Coords: 51.2993, 9.4910
Proxy, VPN
VirusTotal
Not checked
WHOIS
- raw
  inetnum: 178.16.55.0 - 178.16.55.255
  netname: METASPINNERNET
  country: US
  geofeed: https://metaspinner.net/geofeed.csv
  descr: METASPINNERNET
  org: ORG-MNG8-RIPE
  abuse-c: MA28156-RIPE
  admin-c: MA28156-RIPE
  tech-c: MA28156-RIPE
  mnt-domains: metaspinner-mnt
  mnt-lower: metaspinner-mnt
  mnt-routes: metaspinner-mnt
  status: ASSIGNED PA
  mnt-by: lir-tr-mgn-1-MNT
  created: 2025-08-19T16:05:29Z
  last-modified: 2025-08-19T16:05:29Z
  source: RIPE

  organisation: ORG-MNG8-RIPE
  org-name: metaspinner net GmbH
  org-type: OTHER
  address: 22177 Hamburg, Seekamp 20
  country: DE
  abuse-c: ACRO60080-RIPE
  mnt-ref: metaspinnernet-mnt
  mnt-ref: lir-tr-mgn-1-MNT
  mnt-by: metaspinnernet-mnt
  mnt-by: metaspinner-mnt
  created: 2025-04-18T13:47:46Z
  last-modified: 2025-04-19T13:23:08Z
  source: RIPE # Filtered

  role: metaspinnernet
  address: 22177 Hamburg, Seekamp 20
  abuse-mailbox: [email protected]
  nic-hdl: MA28156-RIPE
  mnt-by: metaspinnernet-mnt
  created: 2025-04-18T13:44:21Z
  last-modified: 2025-08-19T15:49:10Z
  source: RIPE # Filtered

  route: 178.16.55.0/24
  origin: AS209800
  mnt-by: lir-tr-mgn-1-MNT
  created: 2025-08-15T14:50:31Z
  last-modified: 2025-08-15T14:50:31Z
  source: RIPE
- references
  - https://www.ipqualityscore.com/sample-ip-blacklist.txt
  - https://www.trendmicro.com/content/dam/trendmicro/global/en/research/25/l/cve-2025-55182-analysis-poc-itw/CVE-2025-55182-combined-IOCs-F.txt
  - https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182
  - https://info.greynoise.io/hubfs/At-The-Edge/Weekly-Intelligence-Brief-120825.pdf
  - https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
  - https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/
  - https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
  - https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell
  - https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
  - https://www.cve.org/CVERecord?id=CVE-2025-55182
  - https://nvd.nist.gov/vuln/detail/CVE-2025-55182
  - https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/
  - https://corelight.com/blog/react2shell
  - https://urlhaus.abuse.ch/browse/
  - https://www.forescout.com/blog/ot-network-security-threats-industrial-routers-under-attack/
  - Book1.csv
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Medium · First detected 10 months ago · Last seen 1 month ago
Appeared in 22 threat reports