IOC Radar
IP · Medium · Signal 67/100

2.58.56.94

Location: Netherlands (Bavilliers, IDF)
ASN: AS39421 (Mifsud Florian)
First Seen: Dec 6, 2024 (551d ago)
Last Seen: May 28, 2026 (13d ago)
Reports: 15 source reports
Confidence: 67% (medium)
VirusTotal: 14/91 detections
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

25 techniques

Network Information

Country: NL (Netherlands)
Region: Bavilliers, IDF
ASN: AS39421
Organization: Mifsud Florian

Feed Intelligence Summary

15 reports · 67% confidence
Category tags
abuse, active scan, active scanning, apt, asyncrat, asyncrat infection, bad reputation, bad web bot, banking, botnet, botnet activity, brute force, brute force attack, brute-force, bruteforce, c2, command & control, command and control, credential access, credential harvesting, credential stuffing, credit card services, cta, data exfiltration, data store exposure, data theft, ddos, de, denial of service, distributed attacks, europe, exploitation activity, finance, finance and insurance, financial services, financial technology, france, hacking, identity & access exploitation, indicator, infrastructure acquisitionreconnaissance, injection activity, keylogger, malicious software, malware, manual, netherlands, network, network probing, nl, password attacks, payment processing, phishing, phishing attack, probing, process injection, reconnaissance, remote access, researched, scanner, scanning, scanning activity, smtp, smtp attacker, social engineering, t1055, t1059.001, t1071.001, t1105, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1219, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1587.001, t1590.001, t1595.001, t1595.002, t1595.003, threat actor, tor node, wealth management, web app attack, web application attack, web exploitation, web scanner, webscan, webscanner

Activity Timeline

1 total obs
May 28

Threat Activity Heatmap

Peak: 2026-05-28 (heatmap of daily activity by month, Jun through Jun, intensity scale from Less to More)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 67 (Medium Risk)
Coords: 48.7855, 2.1971

VirusTotal

14/91 vendors flagged
15% detection rate · Jun 8, 2026

WHOIS

inetnum: 2.58.56.0 - 2.58.56.255
netname: DE-1337SERVICES-20190321
country: NL
descr: 1337 Services GmbH
org: ORG-SG394-RIPE
admin-c: SN9633-RIPE
tech-c: SN9633-RIPE
status: ALLOCATED PA
mnt-by: lir-de-1337services-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2022-10-31T08:00:11Z
last-modified: 2025-04-23T19:24:05Z
source: RIPE
geofeed: https://rdp.sh/geofeed

organisation: ORG-SG394-RIPE
org-name: 1337 Services GmbH
country: DE
org-type: LIR
address: Ludwig-Erhard-Str. 18
address: 20459
address: Hamburg
address: GERMANY
phone: +4941218302498
admin-c: SN9633-RIPE
tech-c: SN9633-RIPE
abuse-c: AR65902-RIPE
mnt-ref: lir-de-1337services-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-de-1337services-1-MNT
created: 2021-10-27T09:01:37Z
last-modified: 2024-11-14T13:24:02Z
source: RIPE # Filtered
mnt-ref: SERVPERSO-MNT

role: 1337 Services NOC
address: GERMANY
address: Hamburg
address: 20459
address: Ludwig-Erhard-Str. 18
phone: +4941218302498
nic-hdl: SN9633-RIPE
mnt-by: lir-de-1337services-1-MNT
created: 2021-10-27T09:01:36Z
last-modified: 2023-08-02T16:50:34Z
source: RIPE # Filtered

route: 2.58.56.0/24
origin: AS210558
mnt-by: lir-de-1337services-1-MNT
created: 2022-03-04T15:18:30Z
last-modified: 2022-10-31T08:06:56Z
source: RIPE
References
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://threatfox.abuse.ch/export/csv/recent/

IOC Journey

medium
First detected 1 year ago · Last seen 13 days ago
Appeared in 15 threat reports