IOC Radar
IP · Medium · Signal 25/100

141.98.80.144

Location
Netherlands
Amsterdam, North Holland
ASN
AS43350
Cloud CDN
First Seen
Feb 5, 2025
Last Seen
Apr 7, 2026
First Seen: Feb 5 (493d ago)
Last Seen: Apr 7 (67d ago)
Reports: 8 source reports
Confidence: 25% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
25%
Signal Score
25 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

37 techniques

Network Information

Country: NL, Netherlands
Region: Amsterdam, North Holland
ASN: AS43350
Organization: Cloud CDN

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 8
Confidence score: 25%
Category tags
abuse, access, active scan, active scanning, attack, authentication attempts, bad reputation, be, belgium, botnet, botnet activity, brute force, brute force attack, cisco device, command and control, communication protocol, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, database security, ddos, decoy system, denial of service, device management, distributed attacks, email, enterprise networking, europe, exploitation activity, ftp, ftp brute force, github, groups, hacking, honeytrap honeypot, http brute force, http scanner, https, identity & access exploitation, imap, information technology, injection activity, injection attacks, ipv4, it infrastructure, lamp, lateral movement, mailoney honeypot, malicious activity, malicious software, malware, netherlands, network, network attacks, network enumeration, network infrastructure, network protocol, network reconnaissance, network scanning, network security, network traffic, panama, password attack, password attacks, phishing, phishing attack, phishing trap, possible intrusion attempt, potential malicious activity, process injection, protocol exploitation, proxy, python, reconnaissance, remote access, remote services, researched, scanner, script, service enumeration, sftp, sftp attack, slug, smtp, smtp brute force, social engineering, software development, ssh, ssh attack, ssh monitoring, surface web, syn, t1018, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1071.001, t1076, t1078, t1078.002, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telnet threat, tftp, threat actor, threat detection, tor node, unauthorized access attempts, unidentified attacker, vpn, web traffic

Activity Timeline

1 total obs
Apr 7

Threat Activity Heatmap

Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This report details an Indicator of Compromise (IOC), specifically an IPv4 address, that warrants immediate attention due to its established association with aggressive and potentially damaging adversarial tactics. With a threat score of 25.32, this IOC is not considered benign and suggests a moderate risk level for any organization it targets. Observations from multiple threat intelligence feeds and honeypot data indicate this IP address has been involved in activities such as brute-forcing, cr…

Threat Score: Low Risk
Signal Score: 25
Confidence: 25%
Reports: 8
First seen: Feb 5, 2025
Last seen: Apr 7, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS43350
Org: Cloud CDN
Coords: 9.0000, -80.0000
VPN

VirusTotal

Not checked

WHOIS

description: Unknown source type: h0neytr4p
raw: Socket not responding: [Errno 111] Connection refused
references: https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 8 threat reports