IOC Radar
IP · High · Verified · Signal 78/100

45.131.214.132

Location: Frankfurt am Main, Hesse, Germany
ASN: AS200823 (MHost LLC)
First Seen: Mar 25, 2026 (92d ago)
Last Seen: May 28, 2026 (27d ago)
Reports: 5 source reports
Confidence: 78% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 5 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS200823
Organization: MHost LLC

Feed Intelligence Summary

Source reports: 5
Confidence score: 78%
Category tags: active scan, asia, attack, brute force, cargo, command & control, credential harvesting, credential stuffing, enumerate, europe, exploitation activity, germany, hong kong, http, identity & access exploitation, ipv4, malware, network, phishing, phishing attack, powershell, proxy, remote access, researched, rust, seychelles, social engineering, spankloader, spankrat, t1027, t1055, t1566.001, t1566.002, t1566.003, trojan, websocket c2, windows

Activity Timeline

1 total obs · May 28

Threat Activity Heatmap

Peak: 2026-05-28

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 5
First seen: Mar 25, 2026
Last seen: May 28, 2026
Verified IOC
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS200823
Org: MHost LLC
Coords: 22.2578, 114.1657

VirusTotal

Not checked

WHOIS

description: CC=FR ASN=AS60781 leaseweb netherlands b.v.

raw:
    inetnum: 45.131.214.0 - 45.131.214.255
    netname: MHost_LLC
    geofeed: https://mhost.ee/geofeed.csv
    org: ORG-ML960-RIPE
    country: DE
    admin-c: NA9632-RIPE
    tech-c: NA9632-RIPE
    status: ASSIGNED PA
    mnt-by: LocalNCC-mnt
    mnt-by: FORESTSNET-MNT
    mnt-by: MHOSTLLC-MNT
    created: 2021-12-17T11:23:48Z
    last-modified: 2026-02-27T01:55:47Z
    source: RIPE

    organisation: ORG-ML960-RIPE
    org-name: MHost LLC
    org-type: OTHER
    address: Georgia, Kobuleti district, Leghva village, 13th street, lane I, N6
    country: GE
    abuse-c: ACRO63603-RIPE
    mnt-ref: LocalNCC-mnt
    mnt-ref: FORESTSNET-MNT
    mnt-ref: DGTLS-MNT
    created: 2026-02-18T17:55:05Z
    last-modified: 2026-02-27T01:46:43Z
    source: RIPE # Filtered
    mnt-by: LocalNCC-mnt
    mnt-by: FORESTSNET-MNT
    mnt-by: MHOSTLLC-MNT

    role: Network Administration
    address: Georgia, Kobuleti district, Leghva village, 13th street, lane I, N6
    nic-hdl: NA9632-RIPE
    mnt-by: MHOSTLLC-MNT
    created: 2026-02-21T14:11:29Z
    last-modified: 2026-02-21T14:11:29Z
    source: RIPE # Filtered

    route: 45.131.214.0/24
    origin: AS200823
    mnt-by: LocalNCC-mnt
    created: 2026-02-22T13:00:05Z
    last-modified: 2026-02-22T13:00:05Z
    source: RIPE

references: https://cybersecuritynews.com/spankrat-exploits-windows-process/

IOC Journey

high
First detected 3 months ago · Last seen 27 days ago
Appeared in 5 threat reports