IOC Radar
IP · Medium · Signal 74/100

62.60.226.159

Location: Frankfurt am Main, Hesse, Germany
ASN: AS214351 (Femo IT Solutions Limited)
First Seen: Mar 23, 2025 (460d ago)
Last Seen: Jun 4, 2026 (22d ago)
Reports: 16 source reports
Confidence: 74% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 74%
Signal Score: 74 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 109 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS214351
Organization: Femo IT Solutions Limited

IP Category: Proxy (Proxy server)

Feed Intelligence Summary

Source reports: 16
Confidence score: 74%
Category tags:

Activity Timeline

1 total observation (Jun 4 to Jun 4)

Threat Activity Heatmap

[Weekday-by-month heatmap, Jun through the following Jun; Peak: 2026-06-04]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (74 SIGNAL)
Signal Score: 74
Confidence: 74%
Reports: 16
First seen: Mar 23, 2025
Last seen: Jun 4, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS214351
Org: Femo IT Solutions Limited
Coords: 50.1109, 8.6821
Category: Proxy

VirusTotal: Not checked

WHOIS (raw)

inetnum: 62.60.226.0 - 62.60.226.255
netname: FEMOITSOLUTIONS-DE-RENTNET
country: DE
org: ORG-FISL8-RIPE
geofeed: https://geofeed.as214351.com/v4.csv
admin-c: FISL8-RIPE
tech-c: FISL8-RIPE
abuse-c: FISL8-RIPE
mnt-routes: FEMOITSOLUTIONS-mnt
mnt-lower: FEMOITSOLUTIONS-mnt
mnt-domains: FEMOITSOLUTIONS-mnt
mnt-by: CHSCLOUD-MNT
mnt-by: lir-ae-royal-1-MNT
status: ASSIGNED PA
created: 2024-10-02T22:53:10Z
last-modified: 2025-02-06T09:36:01Z
source: RIPE

organisation: ORG-FISL8-RIPE
org-name: FEMO IT SOLUTIONS LIMITED
org-type: OTHER
address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
address: UNITED KINGDOM
abuse-c: FISL8-RIPE
mnt-ref: CHSCLOUD-MNT
mnt-ref: DEMENIN-MNT
mnt-ref: FEMOITSOLUTIONS-mnt
mnt-by: FEMOITSOLUTIONS-mnt
created: 2024-10-02T19:39:37Z
last-modified: 2026-02-24T15:05:58Z
source: RIPE # Filtered

role: FEMO IT SOLUTIONS LIMITED
address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
abuse-mailbox: [email protected]
nic-hdl: FISL8-RIPE
mnt-by: FEMOITSOLUTIONS-mnt
created: 2024-08-15T16:15:37Z
last-modified: 2026-03-30T18:57:53Z
source: RIPE # Filtered

route: 62.60.226.0/24
descr: FEMO IT SOLUTIONS LIMITED
origin: AS214351
mnt-by: CHSCLOUD-MNT
mnt-by: FEMOITSOLUTIONS-mnt
created: 2024-10-04T01:40:54Z
last-modified: 2024-12-01T21:41:03Z
source: RIPE
References

https://urlhaus.abuse.ch/browse/
https://vtbehaviour.commondatastorage.googleapis.com/93c8d17cfc1d37198ec68235361328afa953b3986bdd2be8cdce1b3908e32a9c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774649073&Signature=AoE4M%2Bbk8z1dvAQDE71siYrNnSPppxkrJ48W1DDJD9TgbcAJYo7Cw8Ft3fK9nskedxHCtUXq0ClgXN1m4L6a11RhjocW0Ucif3UJFwkMkSAH4oNlAdG7tdDolwUyXabfOp6vbQh7zXP39FeRvoiv5herWATPRVvB22cvlzoKOSUvsCh0t33HjTlTtj9Mw5k8jau29FfpOL7L0ZjLhP39XZ3eVxY10wiXpvcRfUtIZ0oQwIgXCBceigE7ka4MBYoXvjC5
https://vtbehaviour.commondatastorage.googleapis.com/93c8d17cfc1d37198ec68235361328afa953b3986bdd2be8cdce1b3908e32a9c_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774602117&Signature=GJRAxOKy5Ti19O5danDm6jZVf9i%2B1jkONiR5EbazB5bXMI%2B40CKT98OHvQNxwneyABK7Ie%2F09NbN5O4flZk3YAHeYRny4U%2BidCF5SA0rEaF3xpXDkcv4soaYTBerX8cN6%2BtKozSPuFaEHxO1r5JJUV%2B1TPmM3vUMLIxZuFGgyhYnjMHPoAS5zBDJ%2BYgkK4flsQLHi3KJ34ZsMMGOac2o4mg0FKU5PvGwttXsaLC308cyAlSUA
https://x.com/JAMESWT_WT/status/2005189115206402383?s=20
https://blog.koi.security/greedy-bear-massive-crypto-wallet-attack-spans-across-multiple-vectors-3e8628831a05
https://analytics.dugganusa.com/api/v1/stix-feed
https://www.dugganusa.com
https://analytics.dugganusa.com/v2
https://www.dugganusa.com/post/from-1-to-5-how-we-mapped-a-post-operation-endgame-c2-infrastructure
https://www.dugganusa.com/post/we-found-their-server-pattern-38-c2-infrastructure-exposed
https://www.dugganusa.com/post/pattern-43-the-password-is-in-the-filename
https://www.dugganusa.com/post/stealc-rhadamanthys-anatomy-of-a-github-supply-chain-infostealer
https://www.dugganusa.com/post/pattern-38-github-supply-chain-attacks-use-stolen-developer-credentials-from-2023-breaches
https://any.run/malware-trends/
https://urlhaus.abuse.ch/
https://analytics.dugganusa.com/api/v1/stix-feed/v2
https://threatfox.abuse.ch

Export & API: STIX 2.1 Bundle, CSV Export, Permalink

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 22 days ago
Appeared in 16 threat reports