IOC Radar
IP · Low · Signal 45/100

139.45.197.247

Location: Germany, Frankfurt am Main, Hesse
ASN: AS9002, Networkclaim Com
First Seen: May 9, 2025 (401d ago)
Last Seen: May 22, 2026 (24d ago)
Reports: 8 source reports
Confidence: 45% (low)
VirusTotal: 0/91 detections
Found in 8 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 45%
Signal Score: 45 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

Country: DE, Germany
Region: Frankfurt am Main, Hesse
ASN: AS9002
Organization: Networkclaim Com

Feed Intelligence Summary

Source reports: 8
Confidence score: 45%
Category tags

Activity Timeline

1 total obs
May 22

Threat Activity Heatmap

Peak: 2026-05-22 (heatmap of activity by weekday, June through the following June; scale from Less to More)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address identified as `139.45.197.247`, carries significant implications for organizational security, signaling potential exposure to advanced and destructive cyber threats. With a score of 44.725, it is strongly linked to malicious activities, including various forms of ransomware operations, sophisticated phishing campaigns, and data exfiltration attempts. If this IOC is present within the organizational network, it could indicate an ongoing compromi…

Threat Score: Medium Risk
Signal Score: 45
Confidence: 45%
Reports: 8
First seen: May 9, 2025
Last seen: May 22, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS9002
Org: Networkclaim Com
Coords: 52.3785, 4.9000

VirusTotal

0/91 vendors flagged
0% detection rate · Jun 8, 2026

WHOIS

raw
inetnum: 139.45.196.0 - 139.45.197.255
netname: networkclaim-com
country: NL
admin-c: PALA1-RIPE
tech-c: PALA1-RIPE
abuse-c: PALA1-RIPE
status: LEGACY
mnt-by: MNT-RETN
mnt-by: MNT-RETN
created: 2022-03-31T09:37:19Z
last-modified: 2023-01-31T15:44:25Z
source: RIPE

role: networkclaim-com Abuse-c
abuse-mailbox: [email protected]
address: Keienbergweg 22, 1101 GB Amsterdam
nic-hdl: PALA1-RIPE
mnt-by: MNT-RETN
created: 2022-03-31T09:29:44Z
last-modified: 2023-01-13T08:39:37Z
source: RIPE # Filtered

route: 139.45.192.0/19
origin: AS9002
mnt-by: MNT-RETN
created: 2022-11-16T09:28:07Z
last-modified: 2022-11-16T09:28:07Z
source: RIPE
references
redhatdelete.com
Mutexes Opened {0C8E6D89-EA51-848A-7775-6C2CC072CA88}
explorer.exe • Explorer.EXE • upnaneat-xex.exe • akgibik.exe • wmiadap.exe • wmiprvse.exe • winlogon.exe • tmpo3rfa1vg.exe
https://otx.alienvault.com/indicator/file/f58f360a1f6b5e3e28fa64dd88ec2c9893f2f1d290f4a8cf67ac49952e32cc60
Trojan-Ransom.Win32.Blocker.jgb Checkin
https://otx.alienvault.com/indicator/file/000ad3f22cedbd36e425ca046b2aa0c228754b6fd94d30105ad9343ad9742695
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/vast-malvertising-network-hijacks-browser-settings-to-spread-riskware/
https://www.alertasyseguridad.com/
https://attack.mitre.org/

IOC Journey

low
First detected 1 year ago · Last seen 24 days ago
Appeared in 8 threat reports