IOC Radar
IPHighVerifiedSignal 57/100

217.148.142.18

Location
United StatesUnited States
New York, NY
ASN
AS9009
M247 LTD
First Seen
Mar 12, 2025
Last Seen
Nov 22, 2025
Mar 12
First Seen
458d ago
Nov 22
Last Seen
203d ago
5
Reports
source reports
57%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

29 techniques

Network Information

CountryUSUnited States
RegionNew York, NY
ASNAS9009
OrganizationM247 LTD

IP Category

VPN
VPN exit node

Feed Intelligence Summary

5 reports57% confidence
5
Source reports
57%
Confidence score
Category tags
abuseagent teslaakamaialibabaandroidapi contactaptasiabeaconbeaconing activitybotnetc2c2 communicationchinacobaltcobalt strikecommand and controlcompromised systemconfigdata encryptiondata exfiltrationdistributed attackse-commerceeuropeextortionfeedfindfraudglobalhuaweiindicators of compromiseinformation technologyiociocsiotit infrastructurejquerylateral movementlinkedin pagemalicious softwaremalwaremalware distributionmedia & entertainmentnanocore ratnetworknetwork traffic analysisnorth americapayload deliveryphishingphppost-exploitation activityprocess injectionprotectproxyransomwareransomware feedremote access trojanresearchedsecurity operationssentinel mispserverslugsoftware developmentstrongsurface websystem disruptiont1005t1016t1021t1027t1041t1047t1049t1053t1055t1059t1059.001t1068t1071t1071.001t1083t1095t1105t1129t1134t1486t1490t1496t1499.002t1499.003t1543t1565t1566t1569.002t1574telecommunicationthreat actorthreat feedthreat intelligenceunited statesunixusvietnamvpn

Activity Timeline

1 total obs
Nov 22Nov 22

Threat Activity Heatmap

· Peak: 2025-11-22
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC) signifies a critical threat, directly linked to sophisticated cyber activities. The IP address 217.148.142.18 has been identified with a high score of 57.38, indicating its severe malicious nature and demanding immediate attention. Its primary association is with the "Cobalt" threat actor, known for employing the potent Cobalt Strike framework, a tool frequently abused for advanced persistent threats, including extensive post-exploitation, data exfiltration, an…

Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
5
Reports
First seenMar 12, 2025
Last seenNov 22, 2025
Verified IOC
GeolocationUS
CountryUnited States
LocationNew York, NY
ASNAS9009
OrgM247 LTD
Coords40.7123, -74.0068
VPN

VirusTotal

Not checked

WHOIS

description
CC=US ASN=AS9009 m247 ltd
raw
NetRange: 217.0.0.0 - 217.255.255.255 CIDR: 217.0.0.0/8 NetName: 217-RIPE NetHandle: NET-217-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2000-06-05 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/217.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
references
https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 year ago · Last seen 6 months ago
Appeared in 5 threat reports