IOC Radar
IP · Medium Signal · 63/100

91.195.240.19

Location: Munich, Bavaria, Germany
ASN: AS47846 (SEDO)
First Seen: Oct 30, 2023 (954d ago)
Last Seen: Jun 8, 2026 (3d ago)
Reports: 13 source reports
Confidence: 63% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context: Tags, MITRE ATT&CK
MITRE ATT&CK TTPs: 167 techniques

Network Information

Country: DE (Germany)
Region: Munich, Bavaria
ASN: AS47846
Organization: SEDO

IP Category

Proxy (proxy server)

Feed Intelligence Summary

13 source reports · 63% confidence score
Category tags

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap

[Heatmap: weekly activity grid with Mon/Wed/Fri rows, months Jun to Jun; legend Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 63 (Medium Risk)
Signal Score: 63%
Confidence: 13 reports
First seen: Oct 30, 2023
Last seen: Jun 8, 2026
Geolocation: DE
Country: Germany
Location: Munich, Bavaria
ASN: AS47846
Org: SEDO
Coords: 50.9333, 6.9497
Category: Proxy

VirusTotal

Not checked

WHOIS

Description: CC=DE ASN=AS47846 sedo

Raw:
inetnum: 91.195.240.0 - 91.195.241.255
netname: SEDO-NET
descr: Sedo Domain Parking
descr: Im Mediapark 6b
descr: 50670 Koeln
country: DE
org: ORG-SA551-RIPE
admin-c: OD12023-RIPE
admin-c: IXCW-RIPE
tech-c: IXCW-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: IX1-MNT
mnt-routes: IX1-MNT
mnt-domains: IX1-MNT
created: 2007-10-25T09:36:24Z
last-modified: 2023-01-24T09:53:13Z
source: RIPE
sponsoring-org: ORG-IG16-RIPE

organisation: ORG-SA551-RIPE
org-name: SEDO GmbH
country: DE
remarks: SEDO-ORG
org-type: OTHER
address: Sedo GmbH
address: Im Mediapark 6
address: 50670 Koeln
abuse-c: IX26-RIPE
mnt-ref: IX1-MNT
mnt-by: IX1-MNT
created: 2007-10-08T16:10:11Z
last-modified: 2022-12-01T16:46:16Z
source: RIPE # Filtered

role: InterNetX Network Crew
address: InterNetX GmbH
address: Johanna-Dachs-Str. 55
address: D-93055 Regensburg
phone: +49 941 59559 0
fax-no: +49 941 59579 051
nic-hdl: IXCW-RIPE
admin-c: MS4404-RIPE
admin-c: CS5299-RIPE
tech-c: MS4404-RIPE
tech-c: CS5299-RIPE
abuse-mailbox: [email protected]
remarks: -------------------------------------------------------------
remarks: For the right handling of Abuse/Spam and Illegal Activity
remarks: issues, please use ONLY the abuse-mailbox E-Mail:
remarks: [email protected]
remarks: Abuse/Spam reports to other email addresses will be ignored.
remarks: -------------------------------------------------------------
mnt-by: IX1-MNT
created: 2006-12-06T15:39:30Z
last-modified: 2024-12-16T13:34:03Z
source: RIPE # Filtered

person: Ochotzki Dirk
address: SEDO GmbH
address: Im Mediapark 6
address: 50670 Koeln
address: Deutschland
phone: +49 221 340 30-0
fax-no: +49 221 340 30 5280
nic-hdl: OD12023-RIPE
mnt-by: IX1-MNT
created: 2023-01-24T09:49:27Z
last-modified: 2023-01-24T09:49:27Z
source: RIPE

route: 91.195.240.0/23
descr: SEDO-NET-PI
origin: AS47846
remarks: -------------------------------------------------------------
remarks: For the right handling of Abuse/Spam issues, please use ONLY
remarks: the abuse-mailbox E-Mail or these contact:
remarks: [email protected]
remarks: Abuse/Spam reports to other email addresses will be ignored.
remarks: -------------------------------------------------------------
mnt-by: IX1-MNT
created: 2019-01-29T12:43:05Z
last-modified: 2024-12-16T13:05:23Z
source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 3 days ago
Appeared in 13 threat reports