IOC Radar
IP · Medium · Signal 60/100

5.182.87.118

Location: Germany, Frankfurt am Main, Hesse
ASN: AS210644 (Aeza Group LLC)
First Seen: Jan 31, 2026 (140d ago)
Last Seen: Jun 3, 2026 (17d ago)
Reports: 10 source reports
Confidence: 60% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

23 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS210644
Organization: Aeza Group LLC

Feed Intelligence Summary

Source reports: 10
Confidence score: 60%
Category tags

Activity Timeline

1 total obs · Jun 3

Threat Activity Heatmap

Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (Signal Score 60)
Confidence: 60%
Reports: 10
First seen: Jan 31, 2026
Last seen: Jun 3, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS210644
Org: Aeza Group LLC
Coords: 55.7386, 37.6068

VirusTotal

Not checked

WHOIS

raw
inetnum: 5.182.87.0 - 5.182.87.255
netname: AEZA-NET-FRA
geoloc: 50.1198369 8.7343672
country: DE
org: ORG-AGL50-RIPE
admin-c: NT5020-RIPE
tech-c: NT5020-RIPE
abuse-c: AR79375-RIPE
status: ASSIGNED PA
mnt-by: aeza-mnt
mnt-by: lir-ru-aezagroup-1-MNT
created: 2023-10-26T13:40:41Z
last-modified: 2026-03-05T18:22:01Z
source: RIPE
geofeed: https://aeza.net/static/ipv4_f.csv

organisation: ORG-AGL50-RIPE
org-name: AEZA GROUP LLC
country: RU
org-type: LIR
address: Room 1N, Office 603, Hse 15, Building 1, Zolnaya Street, Pravoberezhny
address: 193318
address: Saint Petersburg
address: RUSSIAN FEDERATION
phone: +79650135518
phone: +78002006013
admin-c: NT5020-RIPE
tech-c: NT5020-RIPE
abuse-c: AR79375-RIPE
mnt-ref: lir-ru-aezagroup-1-MNT
mnt-ref: aeza-mnt
mnt-ref: IVC-MNT
mnt-ref: Renets-mnt
mnt-ref: VF1-MNT
mnt-ref: DN-MNT
mnt-ref: WEBROCKET-MNT
mnt-ref: QWARTA-MNT
mnt-ref: ROSNIIROS-MNT
mnt-ref: mnt-ru-am-1
mnt-ref: IROST-MNT
mnt-ref: JD-RIPE-MNT
mnt-ref: cicnet-mnt
mnt-ref: ru-permtelecom-1-mnt
mnt-ref: INTERLAN-MNT
mnt-ref: MNT-INTERLAN
mnt-ref: AS15509-MNT
mnt-ref: sistemallc-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-ru-aezagroup-1-MNT
created: 2025-12-29T09:59:14Z
last-modified: 2026-03-13T15:30:54Z
source: RIPE # Filtered

role: NOC team
address: RUSSIAN FEDERATION
address: Saint Petersburg
address: 193318
address: Room 1N, Office 603, Hse 15, Building 1, Zolnaya Street, Pravoberezhny
phone: +78002006013
nic-hdl: NT5020-RIPE
mnt-by: lir-ru-aezagroup-1-MNT
created: 2025-12-29T09:59:13Z
last-modified: 2025-12-29T09:59:13Z
source: RIPE # Filtered

route: 5.182.87.0/24
origin: AS210644
mnt-by: aeza-mnt
created: 2023-11-03T06:49:16Z
last-modified: 2023-11-03T06:49:16Z
source: RIPE
references
https://urlhaus.abuse.ch/browse/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 4 months ago · Last seen 17 days ago
Appeared in 10 threat reports