IP indicator: Medium risk, Signal 56/100
91.195.241.232
Location
Cologne, North Rhine-Westphalia
ASN
AS47846
SEDO
First Seen
May 2, 2023
Last Seen
May 24, 2026
Found in 13 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region: Cologne, North Rhine-Westphalia
ASN: AS47846
Organization: SEDO
Feed Intelligence Summary
13 source reports, 56% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap: peak 2026-05-24
Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 1 (Minimal)
Last 3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 56
Confidence: 56%
Reports: 13
First seen: May 2, 2023
Last seen: May 24, 2026
Geolocation: DE
Country: Germany
Location: Cologne, North Rhine-Westphalia
ASN: AS47846
Org: SEDO
Coords: 50.9333, 6.9497
VirusTotal
Not checked
WHOIS
- description
- CC=DE ASN=AS47846 SEDO GmbH
IOC Journey
Medium. First detected 3 years ago; last seen 19 days ago.
Appeared in 13 threat reports