IP · Medium · Signal 58/100
130.12.180.52
Location
Amsterdam, North Holland
ASN
AS202412
Virtualine Technologies
First Seen
Dec 22, 2025
Last Seen
Jun 5, 2026
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region: Amsterdam, North Holland
ASN: AS202412
Organization: Virtualine Technologies
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
16 reports · 58% confidence
16
Source reports
58%
Confidence score
Category tags
Activity Timeline (chart): Jun 5
Threat Activity Heatmap (chart): peak 2026-06-05
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 16
First seen: Dec 22, 2025
Last seen: Jun 5, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS202412
Org: Virtualine Technologies
Coords: 43.6319, -79.3716
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw:
  - Netiface LLC PRIVATE-NETWORK (NET-130-12-180-0-1) 130.12.180.0 - 130.12.183.255
  - Virtualine Technologies LANEDONET (NET-130-12-180-0-2) 130.12.180.0 - 130.12.180.255
IOC Journey
medium · First detected 5 months ago · Last seen 11 days ago
Appeared in 16 threat reports