IOC Radar
IP · Medium · Signal 87/100

207.244.239.45

Location: United States, St Louis, Missouri
ASN: AS40021, Contabo Inc
First Seen: Mar 4, 2026 (100d ago)
Last Seen: May 31, 2026 (13d ago)
Reports: 22 source reports
Confidence: 87% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 87%
Signal Score: 87 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

42 techniques

Network Information

Country: United States (US)
Region: St Louis, Missouri
ASN: AS40021
Organization: Contabo Inc

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 22
Confidence score: 87%
Category tags
abuse, access control, account compromise, active scan, active scanning, active-attack, apt, asia, attack, australia, automated attack, bad reputation, bad web bot, blacklisted source, blocklist_all, blog spam, bothammer, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute-force, canada, cloud infrastructure, cloud infrastructure attack, cloud provider, cloud services, command and control, command execution, communication protocol, cowrie, cowrie activity, cowrie attacks, cowrie honeypot, credential access, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, cyberattack, daily-threat-feed, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, decoy system, denial of service, denial-of-service, dhcp, digital ocean, dionaea, dionaea activity, dionaea attacks, dionaea honeypot, distributed attacks, elasticsearch, encryption, exploitation activity, exploited host, exposed services, external scanning, external threat, fatt, ftp, ftp brute force, ftp brute-force, hacking, honeytrap honeypot, http scanner, http scanning, identity & access exploitation, imap, indicator, information gathering, initial access, injection activity, injection attacks, internet-facing assets, intrusion detection, iot security, iot targeted, ipv4, ipv4 address, japan, lamp, lamp attack, lamp exploitation attempts, lamp stack targeting, lateral movement, ldap, mailoney honeypot, malicious activity, malicious activity detected, malicious ips, malicious software, malware, malware behaviour, malware capture, mssql, network, network discovery, network intrusion attempts, network monitoring, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, north america, ntp, oceania, oracle, oracle database, p0f, password attacks, phishing, phishing attack, phishing trap, ping of death, portscan, possible malware distribution, postgres, process injection, protocol exploitation, ransomware, realtime-waf, reconnaissance, redis, remote access, remote services, researched, resource hijacking, scan, scanner, scanners, scanning activity, security operations, security policy, self-signed, sensor-tagged, sentrypeer botnet, server exploitation, service discovery, service enumeration, service scan, sftp, sftp attack, siem, smb, smtp, snmp, social engineering, socks5, socradar honeypot, spam, sql injection, ssh, ssh attack, ssh monitoring, system access, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.005, t1071, t1071.001, t1076, t1077, t1078, t1090, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1566.001, t1566.002, t1566.003, t1590, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tokyo, tor node, toronto, tpot, udp scan, unattributed activity, unauthorized access attempt, unauthorized probing, united states, unknown threat actor, us, vnc, vnc protocol, voip, voip attack, vpn, vpn ip, vultr, web app attack, web application attack, web application scanning, web exploit, web exploitation, web spam, web traffic

Activity Timeline

1 total obs
May 31

Threat Activity Heatmap

Peak: 2026-05-31
[Heatmap figure: activity by day of week across the months Jun through Jun, shaded from Less to More]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 87
Confidence: 87%
Reports: 22
First seen: Mar 4, 2026
Last seen: May 31, 2026
Geolocation: US
Country: United States
Location: St Louis, Missouri
ASN: AS40021
Org: Contabo Inc
Coords: 38.6364, -90.1985
VPN

VirusTotal

Not checked

WHOIS

raw
NetRange: 207.244.224.0 - 207.244.255.255
CIDR: 207.244.224.0/19
NetName: CONTA-48
NetHandle: NET-207-244-224-0-1
Parent: NET207 (NET-207-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Contabo Inc. (CONTA-48)
RegDate: 2021-05-07
Updated: 2023-05-16
Ref: https://rdap.arin.net/registry/ip/207.244.224.0

OrgName: Contabo Inc.
OrgId: CONTA-48
Address: 710 N Tucker Blvd. STE 400A
City: St. Louis
StateProv: MO
PostalCode: 63101
Country: US
RegDate: 2019-12-23
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CONTA-48

OrgNOCHandle: CONTA393-ARIN
OrgNOCName: Contabo NOC
OrgNOCPhone: +498921665862
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/CONTA393-ARIN

OrgAbuseHandle: CAD61-ARIN
OrgAbuseName: Contabo Abuse Department
OrgAbusePhone: +498921665862
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAD61-ARIN

OrgTechHandle: CONTA392-ARIN
OrgTechName: Contabo Tech
OrgTechPhone: +498921665862
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/CONTA392-ARIN

OrgRoutingHandle: CONTA393-ARIN
OrgRoutingName: Contabo NOC
OrgRoutingPhone: +498921665862
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/CONTA393-ARIN

references
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-12/
https://jamesbrine.com.au
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-12/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-11/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-09/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-06/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-06/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-05/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-05/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 3 months ago · Last seen 13 days ago
Appeared in 22 threat reports