IOC Radar
IP · Medium · Signal 18/100

139.45.197.152

Location
Germany
Frankfurt am Main, Noord-Holland
ASN
AS9002
Networkclaim Com
First Seen
Nov 20, 2023 (947d ago)
Last Seen
Nov 21, 2023 (947d ago)
Reports
4 source reports
Confidence
18% (medium)
Found in 4 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
18%
Signal Score
18 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Noord-Holland
ASN: AS9002
Organization: Networkclaim Com

Feed Intelligence Summary

4 source reports, 18% confidence score
Category tags
aaaaaccount securityactivity dnsacurix networksaerospace & defenseall octoseekanalyzeapple phoneasnoneattackauto-generated securityavast avgbankingbeijing baidubitratbodisbodybrian sabeycapturechaoschromeck idclassclick-based attackcnamecobalt strikecode executioncode injectioncom laudecommandcommand and controlcommand decodecommand executioncommunication protocolcommunication technologiescontactcontacted urlscookiecorecreation datecredential harvestingcredit card servicescritical riskcrypcsc corporatecus cnr3cyber threatdark powerdata accessdata copyingdata encryptiondata exfiltrationdata transferddosddos attacksdebugdefensedefense contractingdefense logisticsdefense systemsdefense technologydelete cdenial of servicedigitaloceanasndnssecdosdroppedegregoremailsemotetencryptentriesetisalat misreuropeexploit domainextortionfalsefilesfinancefinancial servicesfinancial technologyfindfirstgeckogermanyget responsegnu linkergrouphacking toolshasheshidden cobrahighhighly targetedhistorical sslhostname enumerationhttp attackhttp methodhttp requestshttp scannerhunting macrohybridicedidicmp trafficicons libraryindicatorinfo headerinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinjectionintelinternet of thingsiocsiot botnetiot/ics attackips collectionipv4it consultantit infrastructurekey algorithmkey identifierkey infokhtmlkimsukykit exploitlink librarylocallookup wannacrylow softwarelowfiltd dbamalicious activitymalicious linksmalicious powershell activitymalicious softwaremalwaremalware beaconmalware dnsmalware hostingmedia centermemorymemory patternmemory scanningmetadata analysismetromilitary operationsmirai botnetmitre attmitre attackmobile carriersmobile networksmozillamsiemtb showingmutexname md5name servername serversnamecheap incnanocore ratnational securitynetherlandsnetworknetwork hijacksnetwork scanningnextnumberobserved dnsoletoperating systemoperating system securityos2 executableoverlayowner exploitpacking 
t1045parent domainpassive dnspastepatternpattern domainspattern urlspayment processingpdb pathpe sectionpe32 linkerphishingphishing attackplay ransomwareplaygamepreconditionprivacyprivacy serviceprocess injectionpsexecpt morapulse pulsespushqakbotqbotqueryr processesransomransomexxransomwareread creconnaissancerecord typerecord valueredline stealerregion createregion updateregistrant nameremote servicesrequestresearchedrostpayroundupsabey typesamplesscan endpointsscripting attackssearchseedserversserviceshell codeshell commandsshowshowingskynetslcc2social engineeringsocial media securitysoftware developmentsoftware exploitationssl certificatestatusstringssubject publicsuricata ipv4suspsuspicous ipsystem disruptiont1005t1021t1021.001t1027t1030t1055t1059t1059.001t1059.007t1069.001t1071t1071.001t1078t1086t1105t1190t1203t1204.001t1204.002t1486t1490t1496t1499.002t1565t1566.001t1566.002t1566.003t1566.004t1569.002t1587.001t1589.001t1590.001technical citytelecom servicestelecommunicationsthirdthreatthreat actorthreat analyzerthreat roundupthreatstipstrackertreetrojan malwaretrojanclickertsara brashearsttl valuetwitterufonetuk collectionunitedunited kingdomunivjosurlsurls httpurls urlurlshortner decurlshortner sepursnifuser executionutc submissionsv3 serialvirtoolvirtual machinesvmwarevmware workstationwealth managementweb attackweb exploitationweb redirectionweb securityweb trafficwhois filewhois lookupwhois recordwhois sslcertwhois whoiswin16 newin32 dynamicwin32 malwarewin32pcmega janwindows 10windows 11windows malwarewindows ntwritewrite cxor ddosxorddosyara detectionsyouth

Activity Timeline

1 total observation (Nov 21 to Nov 21)

Threat Activity Heatmap

[Heatmap: weekday rows (Mon, Wed, Fri) by month columns (Jun through the following Jun); per-cell activity values are not recoverable from the extracted page]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: Low Risk
Signal Score: 18
Confidence: 18%
Reports: 4
First seen: Nov 20, 2023
Last seen: Nov 21, 2023
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Noord-Holland
ASN: AS9002
Org: Networkclaim Com
Coords: 51.4964, -0.1224

VirusTotal

Not checked

WHOIS

inetnum: 139.45.196.0 - 139.45.197.255
netname: networkclaim-com
country: NL
admin-c: PALA1-RIPE
tech-c: PALA1-RIPE
abuse-c: PALA1-RIPE
status: LEGACY
mnt-by: MNT-RETN
mnt-by: MNT-RETN
created: 2022-03-31T09:37:19Z
last-modified: 2023-01-31T15:44:25Z
source: RIPE

role: networkclaim-com Abuse-c
abuse-mailbox: [email protected]
address: Keienbergweg 22, 1101 GB Amsterdam
nic-hdl: PALA1-RIPE
mnt-by: MNT-RETN
created: 2022-03-31T09:29:44Z
last-modified: 2023-01-13T08:39:37Z
source: RIPE # Filtered

route: 139.45.192.0/19
origin: AS9002
mnt-by: MNT-RETN
created: 2022-11-16T09:28:07Z
last-modified: 2022-11-16T09:28:07Z
source: RIPE
references
redhatdelete.com
Mutexes Opened {0C8E6D89-EA51-848A-7775-6C2CC072CA88}
explorer.exe, Explorer.EXE, upnaneat-xex.exe, akgibik.exe, wmiadap.exe, wmiprvse.exe, winlogon.exe, tmpo3rfa1vg.exe
https://otx.alienvault.com/indicator/file/f58f360a1f6b5e3e28fa64dd88ec2c9893f2f1d290f4a8cf67ac49952e32cc60
Trojan-Ransom.Win32.Blocker.jgb Checkin
https://otx.alienvault.com/indicator/file/000ad3f22cedbd36e425ca046b2aa0c228754b6fd94d30105ad9343ad9742695
trojan, malware, intrusion, domain request, web attack, web redirection, denial of service, distributed denial of service
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/vast-malvertising-network-hijacks-browser-settings-to-spread-riskware/
https://www.alertasyseguridad.com/
https://attack.mitre.org/


IOC Journey

medium
First detected 2 years ago · Last seen 2 years ago
Appeared in 4 threat reports