IOC Radar
IPMediumSignal 24/100

217.20.57.22

Location
GermanyGermany
Frankfurt am Main, Berlin
ASN
AS20253
EU FRA
First Seen
Jul 23, 2024
Last Seen
May 14, 2026
Jul 23
First Seen
690d ago
May 14
Last Seen
30d ago
5
Reports
source reports
24%
Confidence
medium
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
24%
Signal Score
24 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

84 techniques

Network Information

CountryDEGermany
RegionFrankfurt am Main, Berlin
ASNAS20253
OrganizationEU FRA

Feed Intelligence Summary

5 reports24% confidence
5
Source reports
24%
Confidence score
Category tags
aaaaacademic institutionsaccount discoveryaccount hijackingaccount profilingaccount takeoveractive relatedactive scanactive scanningadd tagadded activeadversary tagsaerospace & defenseahmannahmann specialalertsameramericaanalysis dateapacheapt27ascii textasiaattav detectionsbackdoorbad actorbestbuy databinary filebodybotnetbotnet activitybrian sabeybrute forcebrute force attackbrute force attacksbusiness impersonationcanadacapture t1140chinachristopher ahmanncivil servicesck idck idsck t1027ck techniquesclick-based attackcolorado statecommandcommand and controlcommand historycommunication protocolcommunication technologiescommunity managementcompromised onedrivecontactcontent lengthcontent sharingcontrols t1562copy md5copy sha1copy sha256corporate lawcounselcountries addcountry malwarecreation datecredential accesscredential stuffingcredential theftcybervolkdata accessdata breachdata copyingdata exfiltrationdata leakdata store exposuredata transferdefensedefense contractingdefense logisticsdefense systemsdefense technologydelphidenmarkdigital platformsdiscovery t1069distributed attacksdll sideloadingdns attackdoxingeducationeducational resourceseducational serviceseducational technologyelectronic health recordsencryptenigmaentityentriesentries peethics violationeuropeeurope/asiaexecution flowexploitation activityfastly errorfiles locationfinanceflag unitedfor privacyfraudftpfunctiongeneral fullgermanygirls doporngovernment technologygravity ratgroups addhall renderhealth care and social assistancehealth information technologyhealthcare information systemshighhigher educationhistoryhong konghospital managementhostname enumerationhours agohtml documenthttp attackhttp scannerhybrididentity & access exploitationids detectionsindicatorinformation gatheringinformation technologyinformation theftinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinput validation bypassintellectual property lawionosionosasiot securityipv4it infrastructurejohn marshallk-12 educationlaw practicelaw schoollearnlegal consultinglegal professionlegal researchlegal sector targetinglegal serviceslegal technologylocallogging t1568mainmalicious downloadmalicious linksmalicious softwaremalwaremalware distributionmalware droppermarkusmediamedia contentmedical servicesmediummetadata analysismilitary operationsmitre attmobile carriersmobile networksmodify toolsmovedname tacticsnation-state activitynational securitynetworknetwork scanningnextnext associatednone filenorth americaoilrigonedrive compromiseonline harassmentopen source intelligenceosintother services (except public administration)packed executablepassive dnspassword attackspath traversalpatient carepattern matchphishingpornhubpresent marpresent novprocess injectionprotocol t1105providepublic administrationpublic infrastructurepublic policypublic tlppulse providepulse pulsespulsespulses nonepulses urlqshellransomwarereconnaissancereferences addregulatory agenciesregulatory compliancerelated nidsrelated pulsesrelated tagsremoteremote accessremote servicesreport spamreputation damageresearchedreverse dnsrole titlerussiascams & fraudscriptscript urlssearchshowshowingsizesmear campaignsocial analyticssocial engineeringsocial mediasocial media marketingsocial media securitysocial networkingsoftware developmentspamspawnsspecial counselssh attackstringssubvert trustsuspt1005t1010t1016t1021t1021.001t1027t1030t1036t1041t1045t1055t1056t1057t1059t1059.001t1059.003t1060t1068t1069t1070.006t1071t1071.001t1071.004t1076t1078t1082t1083t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1113t1114t1133t1140t1189t1190t1192t1197t1204t1204.001t1204.002t1210t1480t1486t1496t1497t1499.002t1499.003t1518.001t1542.003t1553t1555t1555.003t1562t1562.001t1563t1565t1566t1566.001t1566.003t1567t1567.001t1568t1574t1574.002t1583t1587.001t1588t1588.002t1588.006t1589t1589.001t1590.001t1593t1595t1595.001t1595.002t1595.003t1598t1608tam legaltelecom servicestelecommunicationsthreat actortitle addedtor nodetrackertreece alfreytrojan malwaretrojandroppertwittertype indicatorunitedunited statesurlsuser engagementuser executionuss cusvwusvwuweb application attackweb application exploitationweb scrapingweb securityweb trafficwhitewin32 malwarewindowwindows malwarewriteyarayara detections

Activity Timeline

1 total obs
May 14May 14

Threat Activity Heatmap

· Peak: 2026-05-14
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
24
SIGNAL
Signal Score
24%
Confidence
5
Reports
First seenJul 23, 2024
Last seenMay 14, 2026
GeolocationDE
CountryGermany
LocationFrankfurt am Main, Berlin
ASNAS20253
OrgEU FRA
Coords55.7123, 12.0564

VirusTotal

Not checked

WHOIS

description
CC=US ASN=AS20253 QWILTED-PROD-01
raw
NetRange: 217.0.0.0 - 217.255.255.255 CIDR: 217.0.0.0/8 NetName: 217-RIPE NetHandle: NET-217-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2000-06-05 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/217.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
references
https://www.virustotal.com/graph/embed/g515da5bcd1fe459da00aad57869cb1a1ff48684736f249efaa7846c02bd486b2?theme=dark, https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98/summary, https://www.virustotal.com/graph/embed/gfc33296181c74257ae503130940c083ee0c60fc5174e47118fc38f04ffb09584?theme=dark, https://www.virustotal.com/ui/file_behaviours/2bc23a995bf4af9ba43ee21bd71c398444dd994b84d8fb7cb94b5429af4e60bf_Zenbox/html, https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98/iocs, https://www.virustotal.com/graph/embed/g8a2d0c1eca164cb0a1844db566d28208e0e5b5e03bfb4377a98265a5c0e47960?theme=dark, https://www.virustotal.com/graph/embed/g03752e112d454511bb41e53c4ca610371d531e6bfe2444ed9fd093145aef08f0?theme=dark, https://vtbehaviour.commondatastorage.googleapis.com/b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1724181274&Signature=i8XiiJ%2BdCvj6ByL4c5tRY21ZEXdquVAdSRwC7OrdlnUHP75gU59aV17r7CtZaWH%2B1qhK94T1CSnRScW5Ez3t%2B9eCCNPcgPI2mOl1c1dBBiiIrj3r1rIzlDQyKFTQhaLjOzFcFzCL5OZ8XXk6ppN9iC6N5uEYJWHDOZs7bbsQYPwnmo2iwRhFDDUjSCQMKwOPrF34fDOoqnSlZCfe981ZRIr6HISZTbu1fhFFdpNgPTVw7D3Y384i4b6nkfzjkI8u, https://vtbehaviour.commondatastorage.googleapis.com/b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1724181174&Signature=XTu5xxPcqMp3JXhCztWWQOwupXutbdzYwP1MwmdMKWErO3M%2FWEjxgmoErtsmQnLlYNIXVLVgervCeRmzfUzT1wiVZpMuHQS7UFndYWF53GNwFdAzDd4kqU%2F09GvKe1Da4wgvN0HHvA4wdRUm6os0N9jjSFRIXKc6ALqq0eHL7LgDtV6fdx1g22MN2RLGfNkkzIpXSuUwD%2BeFPR0osNVszClRiFi5dLJIahlcjYcWeTpd%2FGvBQ2kLcv, https://www.virustotal.com/graph/embed/gcf877329e4824f7ea96cf4dce8a5fe5f7b0ba40333ae46ba92da9a514c2e006b?theme=dark, https://www.virustotal.com/graph/embed/g64431c9444084659a4360cb063de46ef275e7f87c38a4da8b67dde4541729147?theme=dark, https://vtbehaviour.commondatastorage.googleapis.com/b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1724263681&Signature=sRNF3CXtbsizlNdCMDBJqa0Oxx4P3yW1sAZJvHB1xF981vua%2Fxh6EAKeKpwFlRlflCybIOWHPyQC5awq%2BwJslkM%2FLI9Wv5HA4EipG36shGNh5ML2wkco57c9ITd8dKgOti67d9sVy2VQHcLt3o5UBMlOE%2BMhhf4AONsGvftAO7kQsz41rdwT4L%2BnBHntaiIqG6Rz438Lo%2FcyaTFgmNJ5NkbVgnEJvWhqhqGzFhk18O8wZt1Nh4, https://vtbehaviour.commondatastorage.googleapis.com/b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1724263684&Signature=xXQ9O6EGcEiatL%2FEjaTaOTH9kgTWN7ZCmaIM6wb2vcXjEmSqDd6c9XpfadCYK9uln%2FKAqjzkVCs9reZTrsl8p6w6MDIelJQ%2FdCUTriPH%2F%2FWy3yiRbT6VZGnVk9iNBOxIGDE%2Bz4UPbuLXaler%2B11uCyHouGQJhG1CvoCEC64JpsC89GsV9%2FaOyrduTZK3XJpvrRVMdoRTKEayIYHD59OSeCeLlAde2yETDvIOPoxT6Bp5FO1spfMq7S, updated 08.21.24: https://www.virustotal.com/graph/embed/g64431c9444084659a4360cb063de46ef275e7f87c38a4da8b67dde4541729147?theme=dark, https://vtbehaviour.commondatastorage.googleapis.com/27f74e49d7263156339c0b950fdbd6c98f633254229085814689ba348ea4d85a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1724426279&Signature=KWv3ie5iuSeNS%2Flc%2BGXXzfwbqKYxF4lfka5N2gHnA6gYz63eETZ8yzhfO64lV6HacEN9qfuNfVzdltiRLDV8hweWSZHPdZgx%2ByHGwEvpBI6Pk7PvgX8nKdcJso8%2B1iA3hgRF10wNbQKIZP3K%2BOMdzLLHN9JpuSJUVxxHVhORYlokSH6OaM6Yn6qzdNQcGhAH%2B3LXiSJZggxduc%2F2cGsNIj47o%2FCrC3B0GZzIicJar8MJFq

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 5 threat reports