IP · Medium · Signal 77/100
130.12.180.134
Location
Amsterdam, Kentucky
ASN
AS202412
Virtualine Technologies
First Seen
Dec 20, 2025
Last Seen
Jun 19, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Network Information
Country
Netherlands
Region: Amsterdam, Kentucky
ASN: AS202412
Organization: Virtualine Technologies
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports: 17
Confidence score: 77%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 17
First seen: Dec 20, 2025
Last seen: Jun 19, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, Kentucky
ASN: AS202412
Org: Virtualine Technologies
Coords: 38.1466, -85.5881
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=NL; ports=3394 Location=Sydney, Australia.
IOC Journey
Medium · First detected 6 months ago · Last seen 5 days ago
Appeared in 17 threat reports