IOC Radar
IPMediumSignal 65/100

117.55.202.152

Location
NetherlandsNetherlands
Amsterdam, North Holland
ASN
AS3920
ESTOXY OU
First Seen
Jan 25, 2026
Last Seen
May 1, 2026
Jan 25
First Seen
147d ago
May 1
Last Seen
51d ago
9
Reports
source reports
65%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

26 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, North Holland
ASNAS3920
OrganizationESTOXY OU

Feed Intelligence Summary

9 reports65% confidence
9
Source reports
65%
Confidence score
Category tags
abuseactive scanactive scanningafghanistanattackaustraliabad reputationbad web botbotnetbotnet activitybrute forcebrute force attackcisco devicecisco exploitation attemptscommand and controlcommunication protocolconnected devicesconpot honeypotcowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaea honeypotelasticpot honeypotelasticsearch monitoringenterprise networkingeuropeexploitexploitation activityexploitation attemptsexploited hostfattftp brute forcehackinghoneytrap honeypothttp brute forceics securityidentity & access exploitationindicatorindustrial control systemsindustrial iotinternet of thingsintrusion detectioniociot analyticsiot applicationsiot platformsiot securityiot/ics attackipphoney honeypotlamplateral movementmailoney honeypotmalicious activitymalicious network activitymalicious trafficmalwaremalware behaviourmalware capturenetherlandsnetworknetwork infrastructurenetwork intrusion attemptsnetwork scanningnetwork securitynloceaniaopenctip0fpassword attacksphishingphishing attackphishing trapprotocol exploitationransomwarereconnaissanceresearchedresource hijackingscannerscanning activityscripting attacksself-signedsensor-taggedsentrypeer botnetsftp attacksftp attemptsip scanningsmart devicessmtp brute forcesocial engineeringsocradar honeypotspamssh attackssh monitoringt1021t1040t1041t1059t1059.007t1068t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1496t1499.001t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotvoipvoip attackweb app attackweb application attackweb attackweb exploitationweb spam

Activity Timeline

1 total obs
May 1May 1

Threat Activity Heatmap

· Peak: 2026-05-01
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
65
SIGNAL
Signal Score
65%
Confidence
9
Reports
First seenJan 25, 2026
Last seenMay 1, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS3920
OrgESTOXY OU
Coords52.3759, 4.8975

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=NL; ports=80 Location=Sydney, Australia.
raw
inetnum: 117.55.202.0 - 117.55.202.255 netname: ESTOXY-AMS1-DSRV-01 country: NL org: ORG-EO76-RIPE geoloc: 52.370216 4.895168 geofeed: https://geofeed.estoxy.ee/geofeed.csv admin-c: ESTX1-RIPE tech-c: ESTX1-RIPE status: ASSIGNED PA mnt-by: ESTOXY-MNT created: 2023-09-25T13:24:20Z last-modified: 2025-12-26T16:50:47Z source: RIPE organisation: ORG-EO76-RIPE org-name: ESTOXY OU country: EE org-type: LIR address: Tornimae tn 3 // 5 // 7 address: 10145 address: Tallinn address: ESTONIA phone: +372 8801117 admin-c: ESTX1-RIPE tech-c: ESTX1-RIPE abuse-c: AR48531-RIPE mnt-ref: ESTOXY-MNT mnt-ref: interlir-mnt mnt-by: RIPE-NCC-HM-MNT mnt-by: ESTOXY-MNT created: 2023-08-14T11:29:18Z last-modified: 2026-01-16T14:01:44Z source: RIPE # Filtered role: ESTOXY OU Network Administrator address: Tornim�e tn 3 // 5 // 7 address: 10145 address: Tallinn address: Estonia abuse-mailbox: [email protected] nic-hdl: ESTX1-RIPE mnt-by: ESTOXY-MNT created: 2020-02-22T17:25:23Z last-modified: 2024-08-22T13:38:55Z source: RIPE # Filtered route: 117.55.202.0/24 origin: AS3920 mnt-by: ESTOXY-MNT created: 2023-09-25T13:27:52Z last-modified: 2023-09-25T13:27:52Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 1 month ago
Appeared in 9 threat reports