IOC Radar
IP · Medium · Signal 64/100

45.154.98.43

Location: Netherlands (Lelystad, HCW)
ASN: AS210558 (1337 Services GmbH)
First Seen: Apr 18, 2022 (1513d ago)
Last Seen: Jun 8, 2026 (2d ago)
Reports: 24 source reports
Confidence: 64% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: NL (Netherlands)
Region: Lelystad, HCW
ASN: AS210558
Organization: 1337 Services GmbH

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 24
Confidence score: 64%
Category tags: abuseipdb, access control, active scan, active scanning, apache, apache attacker, asia, auto-blocked, auto-generated, auto-updated, automated-detection, bad reputation, bad web bot, blocked-ips, blocklist_all, blog spam, botnet activity, botnet-fingerprint, brand weaponization, brute force, brute force attack, command and control, credential access, credential stuffing, cryptocurrency, cryptocurrency threats, cryptojacking, cyber threats, data exfiltration, data store exposure, database security, database-verified, ddos, decoy system, denial of service, dns attack, dnsbl, electronic health records, encryption, europe, exploitation activity, exploited host, finance, financial services, github, hacking, health care and social assistance, health information technology, healthcare information systems, hong kong, hospital management, identity & access exploitation, indicator, information technology, infostealer, injection activity, injection attacks, isp-reputation, it infrastructure, malicious ip activity, malware, medical services, mitre-attack, netherlands, network, network probing, nl, opencti, password attacks, patient care, pattern-32, pattern-38, phishing, proxy, ransomware, reconnaissance, researched, residential proxy, resource hijacking, scanner, security policy, service scan, software development, spam, ssh attack, ssl-enrichment, ssl/tls enrichment, stealc, stix 2.1, stix-2.1, supply chain attack, supply-chain, t1016, t1016.001, t1027, t1036.006, t1059.001, t1059.003, t1071, t1071.001, t1078, t1090, t1102, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1140, t1190, t1195.002, t1203, t1486, t1496, t1499.001, t1499.002, t1547.001, t1555.003, t1566.001, t1573, t1583.006, t1585, t1586, t1595, t1595.001, t1595.002, t1595.003, team cymru, threat intelligence, threat prevention, threat-intel, threat-intelligence, tor, tor node, tsec, vpn, web application attack, web exploitation, web spam

Activity Timeline

1 total observation, Jun 8 to Jun 8

Threat Activity Heatmap

[Heatmap omitted: weekday rows (Mon, Wed, Fri) by month, Jun to Jun, shaded Less to More]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 64 (Medium Risk)
Coords: 22.2908, 114.1501
Proxy, VPN

VirusTotal

Not checked

WHOIS

raw

inetnum: 45.154.98.0 - 45.154.98.255
org: ORG-SG394-RIPE
netname: DE-1337SERVICES-20211028
country: NL
admin-c: SN9633-RIPE
tech-c: SN9633-RIPE
status: SUB-ALLOCATED PA
mnt-by: SERVPERSO-MNT
mnt-by: lir-de-1337services-1-MNT
created: 2022-03-08T22:43:10Z
last-modified: 2023-11-05T14:04:32Z
source: RIPE
descr: 1337 Services GmbH

organisation: ORG-SG394-RIPE
org-name: 1337 Services GmbH
country: DE
org-type: LIR
address: Ludwig-Erhard-Str. 18
address: 20459
address: Hamburg
address: GERMANY
phone: +4941218302498
admin-c: SN9633-RIPE
tech-c: SN9633-RIPE
abuse-c: AR65902-RIPE
mnt-ref: lir-de-1337services-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-de-1337services-1-MNT
created: 2021-10-27T09:01:37Z
last-modified: 2023-08-02T16:51:03Z
source: RIPE # Filtered
mnt-ref: HYBULA-MNT
mnt-ref: CANKI-MNT
mnt-ref: SERVPERSO-MNT

role: 1337 Services NOC
address: GERMANY
address: Hamburg
address: 20459
address: Ludwig-Erhard-Str. 18
phone: +4941218302498
nic-hdl: SN9633-RIPE
mnt-by: lir-de-1337services-1-MNT
created: 2021-10-27T09:01:36Z
last-modified: 2023-08-02T16:50:34Z
source: RIPE # Filtered

route: 45.154.98.0/24
origin: AS210558
mnt-by: SERVPERSO-MNT
mnt-by: lir-de-1337services-1-MNT
mnt-by: HYBULA-MNT
created: 2022-03-08T22:45:21Z
last-modified: 2022-03-08T22:45:39Z
source: RIPE

references

https://analytics.dugganusa.com/api/v1/stix-feed/v2
https://www.abuseipdb.com
https://analytics.dugganusa.com/api/v1/stix-feed
https://www.dugganusa.com
https://analytics.dugganusa.com/v2
https://www.dugganusa.com/post/from-1-to-5-how-we-mapped-a-post-operation-endgame-c2-infrastructure
https://www.dugganusa.com/post/we-found-their-server-pattern-38-c2-infrastructure-exposed
https://www.dugganusa.com/post/pattern-43-the-password-is-in-the-filename
https://www.dugganusa.com/post/stealc-rhadamanthys-anatomy-of-a-github-supply-chain-infostealer
https://www.dugganusa.com/post/pattern-38-github-supply-chain-attacks-use-stolen-developer-credentials-from-2023-breaches
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://lists.blocklist.de/lists/mail.txt


IOC Journey

medium
First detected 4 years ago · Last seen 2 days ago
Appeared in 24 threat reports