IOC Radar
IP · Medium · Signal 84/100

45.138.16.178

Location
Poland
Warsaw, Mazovia
ASN
AS210558
1337 Services GmbH
First Seen
Jul 20, 2022 (1424d ago)
Last Seen
Jun 2, 2026 (11d ago)
Reports
40 source reports
Confidence
84% (medium)
Found in 40 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

86 techniques

Network Information

Country: PL (Poland)
Region: Warsaw, Mazovia
ASN: AS210558
Organization: 1337 Services GmbH

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 40
Confidence score: 84%
Category tags

Activity Timeline

1 total observation (Jun 2)

Threat Activity Heatmap

Peak: 2026-06-02 (calendar heatmap, Jun to Jun)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 40
First seen: Jul 20, 2022
Last seen: Jun 2, 2026
Geolocation: PL
Country: Poland
Location: Warsaw, Mazovia
ASN: AS210558
Org: 1337 Services GmbH
Coords: 52.2363, 21.0131
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw
inetnum: 45.138.16.0 - 45.138.16.255
netname: LEET-45-138-16-0
country: US
org: ORG-SG413-RIPE
admin-c: SGAH5-RIPE
tech-c: SGAH5-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2022-05-24T17:54:14Z
last-modified: 2022-05-24T17:54:14Z
source: RIPE

organisation: ORG-SG413-RIPE
org-name: 1337 Services GmbH
org-type: OTHER
address: Ludwig-Erhard-Str. 18
address: DE-20459 Hamburg
address: Germany
abuse-c: SGAH5-RIPE
mnt-ref: PREFIXBROKER-MNT
mnt-by: PREFIXBROKER-MNT
created: 2022-05-24T17:54:14Z
last-modified: 2022-05-24T17:54:14Z
source: RIPE # Filtered

role: 1337 Services GmbH abuse handling
address: Ludwig-Erhard-Str. 18
address: DE-20459 Hamburg
address: Germany
nic-hdl: SGAH5-RIPE
mnt-by: PREFIXBROKER-MNT
created: 2022-05-24T17:54:14Z
last-modified: 2022-05-24T17:54:14Z
source: RIPE # Filtered
abuse-mailbox: [email protected]

route: 45.138.16.0/24
origin: AS201814
mnt-by: PREFIXBROKER-MNT
created: 2022-05-25T12:12:56Z
last-modified: 2022-05-25T12:12:56Z
source: RIPE

route: 45.138.16.0/24
origin: AS210558
mnt-by: PREFIXBROKER-MNT
created: 2022-10-27T09:51:06Z
last-modified: 2022-10-27T09:51:06Z
source: RIPE
references
https://check.torproject.org/torbulkexitlist, https://iplists.firehol.org/?ipset=tor_exits, https://github.com/telekom-security/tpotce, Exit_Nodes.csv


IOC Journey

medium
First detected 3 years ago · Last seen 11 days ago
Appeared in 40 threat reports