IOC Radar
IP · Medium · Signal 54/100

45.138.16.222

Location: Warsaw, Minnesota, United States
ASN: AS210558 (1337 Services GmbH)
First Seen: Apr 5, 2023 (1163d ago)
Last Seen: Jun 9, 2026 (2d ago)
Reports: 34 source reports
Confidence: 54% (medium)
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

117 techniques

Network Information

Country: US (United States)
Region: Warsaw, Minnesota
ASN: AS210558
Organization: 1337 Services GmbH

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 34
Confidence score: 54%
Category tags

Activity Timeline

1 total obs (Jun 9)

Threat Activity Heatmap

[Heatmap: threat activity by weekday, Jun through Jun; scale from Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 54 (Medium Risk)
Signal Score: 54
Confidence: 54%
Reports: 34
First seen: Apr 5, 2023
Last seen: Jun 9, 2026
Geolocation: US
Country: United States
Location: Warsaw, Minnesota
ASN: AS210558
Org: 1337 Services GmbH
Coords: 52.3824, 4.8995
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 45.138.16.0 - 45.138.16.255
netname: LEET-45-138-16-0
country: PL
geofeed: https://rdp.sh/geofeed
org: ORG-SG413-RIPE
admin-c: SGAH5-RIPE
tech-c: SGAH5-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2022-05-24T17:54:14Z
last-modified: 2025-04-23T17:54:53Z
source: RIPE

organisation: ORG-SG413-RIPE
org-name: 1337 Services GmbH
org-type: OTHER
address: Ludwig-Erhard-Str. 18
address: DE-20459 Hamburg
address: Germany
abuse-c: SGAH5-RIPE
mnt-ref: PREFIXBROKER-MNT
mnt-by: PREFIXBROKER-MNT
created: 2022-05-24T17:54:14Z
last-modified: 2022-05-24T17:54:14Z
source: RIPE # Filtered

role: 1337 Services GmbH abuse handling
address: Ludwig-Erhard-Str. 18
address: DE-20459 Hamburg
address: Germany
nic-hdl: SGAH5-RIPE
mnt-by: PREFIXBROKER-MNT
created: 2022-05-24T17:54:14Z
last-modified: 2022-05-24T17:54:14Z
source: RIPE # Filtered
abuse-mailbox: [email protected]

route: 45.138.16.0/24
origin: AS201814
mnt-by: PREFIXBROKER-MNT
created: 2022-05-25T12:12:56Z
last-modified: 2022-05-25T12:12:56Z
source: RIPE

route: 45.138.16.0/24
origin: AS210558
mnt-by: PREFIXBROKER-MNT
created: 2022-10-27T09:51:06Z
last-modified: 2022-10-27T09:51:06Z
source: RIPE
references
https://raw.githubusercontent.com/platformbuilds/Tor-IP-Addresses/refs/heads/master/tor-exit-nodes.lst
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://check.torproject.org/torbulkexitlist
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

IOC Journey

medium
First detected 3 years ago · Last seen 2 days ago
Appeared in 34 threat reports