IOC Radar
IP · Medium · Signal 59/100

185.241.208.91

Location
Poland
Warsaw, Mazovia
ASN
AS210558
1337 Services GmbH
First Seen
Sep 15, 2024
Last Seen
Apr 20, 2026
First Seen: Sep 15 (637d ago)
Last Seen: Apr 20 (55d ago)
Reports: 22 (source reports)
Confidence: 59% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
59%
Signal Score
59 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

40 techniques

Network Information

Country: PL (Poland)
Region: Warsaw, Mazovia
ASN: AS210558
Organization: 1337 Services GmbH

IP Category

Proxy
Proxy server

Feed Intelligence Summary

22 reports · 59% confidence
Source reports: 22
Confidence score: 59%
Category tags
abuse, access control, active scan, active scanning, atif feed, attack, auto-generated security, bad reputation, banking, banlist feed, binary defense, botnet, botnet activity, brute force, brute force attack, brute force attacks, c2 communication, command & control, command and control, communication protocol, compromised host, compromised hosts, cowrie honeypot, credential access, credential harvesting, credential stuffing, credentialaccess, credit card services, data exfiltration, data store exposure, ddos, ddos attacks, de, decoy system, denial of service, distributed attacks, email, emailattack, europe, exploit attempts, exploitation activity, finance, finance and insurance, financial services, financial technology, ftp, ftp brute force, hacking, honeytrap honeypot, http scanner, https, identity & access exploitation, imap, imap attack, indicator, information gathering, infrastructure acquisition reconnaissance, injection activity, lamp, login attempts, mailoney honeypot, malicious activity, malicious email, malicious ip activity, malicious software, malicious traffic, malware, malware distribution, malware-related botnet activity, manual, netherlands, network, network intrusion, network probing, network reconnaissance, network scanning, network traffic analysis, password attacks, payment processing, phishing, phishing attack, phishing trap, pl, poland, possible botnet infection, potential malware distribution, process injection, proxy, reconnaissance, remote access, researched, scanner, scanning activity, security policy, sftp attack, smtp, smtp attacker, social engineering, ssh attack, ssh monitoring, surface web, t1018, t1021, t1041, t1046, t1055, t1059, t1059.004, t1068, t1071, t1071.001, t1071.004, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1587.001, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, threat actor, threat detection, threat prevention, tor node, vulnerability scan, wealth management, web application attack, web exploitation, web scanner, web traffic

Activity Timeline

1 total observation
Apr 20 to Apr 20

Threat Activity Heatmap

[Heatmap: weekly activity grid, Jun through the following Jun, rows Mon/Wed/Fri, legend Less to More · Peak: 2026-04-20]

Recent activity windows
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, represents a significant and active threat that demands immediate attention. With a high score of 59.17 and no whitelist status, it is strongly associated with malicious activities, particularly reconnaissance, credential theft attempts, and potential exploitation of public-facing applications. The presence of this IOC in an organizational environment could indicate ongoing probing, attempted unauthorized access, or the precursor to a more sev…

Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 22
First seen: Sep 15, 2024
Last seen: Apr 20, 2026
Geolocation: PL
Country: Poland
Location: Warsaw, Mazovia
ASN: AS210558
Org: 1337 Services GmbH
Coords: 52.3824, 4.8995
Proxy

VirusTotal

Not checked

WHOIS

description
2025-03-28T04:20:21.000Z Honeypot : Mailoney : Source: 185.241.208.91 : Port: 25 : Data: EHLO 6VEFiCPGN
raw
inetnum: 185.241.208.0 - 185.241.208.255
netname: LEET-185-241-208-0
country: DE
geofeed: https://rdp.sh/geofeed
org: ORG-SG414-RIPE
admin-c: SGAH6-RIPE
tech-c: SGAH6-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2022-06-14T15:17:57Z
last-modified: 2025-04-16T07:35:23Z
source: RIPE

organisation: ORG-SG414-RIPE
org-name: 1337 Services GmbH
org-type: OTHER
address: Ludwig-Erhard-Str. 18
address: DE-20459 Hamburg
address: Germany
abuse-c: SGAH6-RIPE
mnt-ref: PREFIXBROKER-MNT
mnt-by: PREFIXBROKER-MNT
created: 2022-06-14T15:17:57Z
last-modified: 2022-06-14T15:17:57Z
source: RIPE # Filtered

role: 1337 Services GmbH abuse handling
address: Ludwig-Erhard-Str. 18
address: DE-20459 Hamburg
address: Germany
nic-hdl: SGAH6-RIPE
mnt-by: PREFIXBROKER-MNT
created: 2022-06-14T15:17:57Z
last-modified: 2022-06-14T15:17:57Z
source: RIPE # Filtered
abuse-mailbox: [email protected]

route: 185.241.208.0/24
origin: AS201814
mnt-by: PREFIXBROKER-MNT
created: 2022-06-14T15:17:57Z
last-modified: 2022-06-14T15:17:57Z
source: RIPE

route: 185.241.208.0/24
origin: AS210558
mnt-by: PREFIXBROKER-MNT
created: 2022-10-27T09:50:23Z
last-modified: 2022-10-27T09:50:23Z
source: RIPE
references
https://www.virustotal.com/gui/collection/a4c38dc13a91da98a9f3a7f1c46c9aaeaa4d713d113c68c71fdf89837667717d
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 22 threat reports