IOC Radar
IPMediumSignal 57/100

77.90.153.43

Location
GermanyGermany
Augsburg, ENG
ASN
AS2856
CONTRUST
First Seen
May 24, 2025
Last Seen
Jun 7, 2026
May 24
First Seen
385d ago
Jun 7
Last Seen
7d ago
21
Reports
source reports
57%
Confidence
medium
5/91
VirusTotal
detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

43 techniques

Network Information

CountryDEGermany
RegionAugsburg, ENG
ASNAS2856
OrganizationCONTRUST

Feed Intelligence Summary

21 reports57% confidence
21
Source reports
57%
Confidence score
Category tags
abuseacademic institutionsacceptaccess controlaccommodation and food servicesaccommodation servicesactive scanningaptattackblacklisted ipbotnetbotnet activitybotnet infectionbrute forcebrute force attackbrute force detectionbrute_forcec2 activitycastlebotcastleloadercastleloader c2castleratclustercode executioncommand and controlcommand executioncompromise assessmentcompromised hostcorporationcredential accesscredential harvestingcredential stuffingcredential_accessdata accessdata copyingdata exfiltrationdata transferdistributed attacksdistribution managementeducational resourceseducational serviceseducational technologyeuropeexfiltrationfleet managementfood servicesfoundfreight forwardingfreight servicesftpftp brute forcefuturegermanygooglegraybravoguest serviceshigher educationhomenethospitality technologyhotelshttp brute forceimapimap attackindicatorinformation technologyinitial accessinventory managementiocit infrastructurek-12 educationlateral movementlogistics technologymalicious activitymalicious softwaremalwaremalware trafficmalware-as-a-servicemaritime transportmatanbuchusmgutnetherlandsnetsupport ratnetworknetwork intrusionnetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork_reconnaissancenorth americapassenger transportationpassword attacksphishingphishing attackpotential intrusionprocess injectionprotocol exploitationpythonrail transportreconnaissanceremote accessremote servicesresearchedrestaurant operationssamplesscannersectopratsecurity operationssecurity policyseenshipping servicessmtpsmtp attackersocial engineeringsocradar honeypotsoftware developmentsoftware exploitationspingssh attacksupply chain managementt1003t1005t1018t1021t1021.001t1021.002t1027t1030t1040t1046t1053t1055t1059t1059.001t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204t1486t1496t1497t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1573t1595t1595.001t1595.002t1595.003tcp scantcp/5900telnet threatthreat actorthreat intelligencethreat preventiontourismtransportation and warehousingtransportation infrastructuretransportation managementtransportation technologyudp scanunited kingdomunited statesvariant samplesvnc protocolwarehouse operationswarmcookie c2yara

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
21
Reports
First seenMay 24, 2025
Last seenJun 7, 2026
GeolocationDE
CountryGermany
LocationAugsburg, ENG
ASNAS2856
OrgCONTRUST
Coords51.5095, -0.0955

VirusTotal

5/ 91vendors flagged
5% detection rateJun 8, 2026

WHOIS

description
Logged 64 visits on 1 honeypot. Average duration: 1.75s
raw
inetnum: 77.90.153.0 - 77.90.153.255 netname: VIRTUALINE_TECHNOLOGIES descr: VIRTUALINE TECHNOLOGIES country: NL org: ORG-SITL5-RIPE admin-c: AD18003-RIPE tech-c: AD18003-RIPE abuse-c: AD18003-RIPE status: SUB-ALLOCATED PA geofeed: https://virtualine.org/geofeed.csv mnt-domains: VIRTUALINE-MNT mnt-routes: VIRTUALINE-MNT mnt-lower: VIRTUALINE-MNT mnt-by: VIRTUALINE-MNT mnt-by: MNT-RAPIDNET created: 2025-02-13T13:25:41Z last-modified: 2025-02-13T13:25:41Z source: RIPE organisation: ORG-SITL5-RIPE org-name: VIRTUALINE TECHNOLOGIES org-type: OTHER descr: remarks: Report your complaint: remarks: [email protected] address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ admin-c: AD18003-RIPE tech-c: AD18003-RIPE abuse-c: AD18003-RIPE mnt-ref: VIRTUALINE-MNT mnt-ref: MNT-RAPIDNET mnt-ref: WHITELABEL-MNT mnt-ref: PITLINE-MNT mnt-ref: URAN-MNT mnt-ref: mnt-bg-eurocrypt-1 mnt-ref: MNT-NETERRA mnt-by: VIRTUALINE-MNT created: 2024-07-17T19:05:56Z last-modified: 2025-08-13T15:43:10Z source: RIPE # Filtered role: VIRTUALINE ABUSE DEPARTMENT address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ abuse-mailbox: [email protected] nic-hdl: AD18003-RIPE mnt-by: VIRTUALINE-MNT created: 2024-07-17T18:32:21Z last-modified: 2024-07-17T19:11:29Z source: RIPE # Filtered route: 77.90.153.0/24 origin: AS214943 mnt-by: MNT-RAPIDNET created: 2025-02-13T13:18:42Z last-modified: 2025-02-13T13:18:42Z source: RIPE
references
Sep week2.pdf, https://www.theregister.com/2025/09/05/clickfix_castlerat_malware/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 21 threat reports