IOC Radar
IP · Medium · Signal 65/100

5.181.159.16

Location: New York, New York, United States
ASN: AS39798 (MivoCloud SRL)
First Seen: Jan 11, 2025 (517d ago)
Last Seen: Apr 1, 2026 (73d ago)
Reports: 15 source reports
Confidence: 65% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 38 techniques

Network Information

Country: US (United States)
Region: New York, New York
ASN: AS39798
Organization: MivoCloud SRL

Feed Intelligence Summary

Source reports: 15
Confidence score: 65%

Category tags:
abuse · active scan · active scanning · aerospace & defense · apt · asia · asyncrat · attack · bad reputation · botnet · botnet activity · brazil · brute force · brute force attack · c2 · c2 communication · cert · civil services · cnc · command & control · command and control · compromise ipv4 · connected devices · credential access · credential harvesting · credential stuffing · cryptocurrency · cryptocurrency threats · cryptojacking · data exfiltration · data store exposure · dcrat · ddos · ddos attack · ddos attacks · defense · defense contracting · defense logistics · defense systems · defense technology · device management · dionaea honeypot · distributed attacks · elf · europe · executable file · exploitation · exploitation activity · finance · germany · government technology · honeytrap honeypot · identity & access exploitation · indicator · indonesia · industrial iot · information stealer · infostealer · infrastructure acquisition · reconnaissance · injection activity · internet of things · iot · iot analytics · iot applications · iot botnet · iot platforms · iot security · iot/ics attack · ipv4 port · lamp · linux · lumma · malicious activity · malicious software · malware · malware behaviour · malware capture · malware distribution · manual · mexico · military operations · mirai · mirai botnet · mirai botnet activity · moldova, republic of · mozi · mozi link · national security · network · network scanning · network security · north america · opendir · password attacks · phishing · phishing attack · polcert · process injection · protocol exploitation · public administration · public infrastructure · public policy · ransomware · rat · reconnaissance · regulatory agencies · remote access trojan · researched · resource hijacking · sality · scanner · sh · singapore · smart devices · social engineering · south america · ssh attack · steam · t1021 · t1021.001 · t1040 · t1047 · t1053 · t1055 · t1059 · t1068 · t1071 · t1071.001 · t1078 · t1105 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1190 · t1204 · t1204.002 · t1486 · t1496 · t1497 · t1497.001 · t1498 · t1499.002 · t1499.003 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1573 · t1573.001 · t1587.001 · t1590.001 · t1595.001 · t1595.002 · t1595.003 · tcp/23 · tech mahindra · telecommunications · telnet threat · threat actor · threat actor activity · threat detection · threat intelligence · threat report · tor node · turkey · ukraine · united states · us · vanuatu

Activity Timeline

1 total observation (Apr 1 to Apr 1)

Threat Activity Heatmap

Calendar heatmap (Jun to Jun) · Peak: 2026-04-01

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The IP address 5.181.159.16 is a critical Indicator of Compromise (IOC) with a high threat score of 65.46, signaling a significant and immediate risk to organizational security. This IP address is strongly linked to sophisticated cyber activities, including those orchestrated by the Advanced Persistent Threat (APT) group 'SALTY SPIDER'. The presence of this IOC suggests potential involvement in various attack phases, from initial compromise through spear phishing techniques to more advanced stag…

Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 15
First seen: Jan 11, 2025
Last seen: Apr 1, 2026
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS39798
Org: MivoCloud SRL
Coords: 40.7128, -74.0060

VirusTotal: Not checked

WHOIS

description: CC=MD ASN=AS39798 mivocloud srl

raw:
NetRange: 5.0.0.0 - 5.255.255.255
CIDR: 5.0.0.0/8
NetName: RIPE-5
NetHandle: NET-5-0-0-0-1
Parent: ()
NetType: Allocated to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2010-11-30
Updated: 2025-02-10
Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois.
Ref: https://rdap.arin.net/registry/ip/5.0.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois.ripe.net
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
ReferralServer: whois.ripe.net
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

references:
https://1275.ru/ioc/gs-25-1276-mirai-botnet-iocs_9954
https://urlhaus.abuse.ch/
https://any.run/malware-trends/


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 15 threat reports