IOC Radar
IPMediumSignal 100/100

109.236.61.99

Location
NetherlandsNetherlands
Amsterdam, CA
ASN
AS213438
ColocationX Ltd
First Seen
Jan 26, 2025
Last Seen
Mar 20, 2026
Jan 26
First Seen
503d ago
Mar 20
Last Seen
84d ago
18
Reports
source reports
99%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, CA
ASNAS213438
OrganizationColocationX Ltd

Feed Intelligence Summary

18 reports99% confidence
18
Source reports
99%
Confidence score
Category tags
abuseaccess controlactive scanningattackauthentication abusebotnetbrute forcebrute force attackbrute force attemptcommand and controlcommunication protocolcowriecowrie honeypotcowrie honeypot datacredential accesscredential harvestingcredential stuffingctadata exfiltrationddos attacksdecoy systemdistributed attacksgithubhoneytrap honeypotindicatorinternet of thingsintrusion detectioniociot botnetiot/ics attacklamploginlogin attackmailoney honeypotmalicious activitymalicious network activitymalicious softwaremalwaremirai botnetmysqlnetherlandsnetworknetwork attacksnetwork intrusionnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnginxnlnorth americapassword attacksphishingphishing attackphishing trapprocess injectionprotocol exploitationpythonreconnaissanceremote servicesresearchedscanscannersecurity policyserversftpsftp attacksftp exploit attemptslugsocial engineeringsocradar honeypotsshssh attackssh monitoringsurface webt1021t1021.002t1021.004t1040t1041t1046t1055t1056.001t1059.001t1071.001t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventionunauthorized access attemptunited statesusweb scanner

Activity Timeline

1 total obs
Mar 20Mar 20

Threat Activity Heatmap

· Peak: 2026-03-20
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
18
Reports
First seenJan 26, 2025
Last seenMar 20, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, CA
ASNAS213438
OrgColocationX Ltd
Coords34.0584, -118.2780

VirusTotal

Not checked

WHOIS

description
2025-02-21T04:02:16.787Z Honeypot : Cowrie : Source: 109.236.61.99 Data: Connection lost after 0 seconds
raw
NetRange: 109.0.0.0 - 109.255.255.255 CIDR: 109.0.0.0/8 NetName: 109-RIPE NetHandle: NET-109-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2009-01-30 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/109.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 18 threat reports