IOC Radar
IP · Medium · Signal 70/100

160.119.76.43

Location: Amsterdam, North Holland, Netherlands
ASN: AS49870 (HostUS Solutions LLC)
First Seen: Mar 13, 2026 (107d ago)
Last Seen: Jun 18, 2026 (11d ago)
Reports: 21 source reports
Confidence: 70% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

51 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, North Holland
ASN: AS49870
Organization: HostUS Solutions LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 21
Confidence score: 70%
Category tags

Activity Timeline

1 total obs
Jun 18 to Jun 18

Threat Activity Heatmap

Peak: 2026-06-18
[Heatmap figure: activity by weekday (Mon, Wed, Fri) across months Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 70
Confidence: 70%
Reports: 21
First seen: Mar 13, 2026
Last seen: Jun 18, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, North Holland
ASN: AS49870
Org: HostUS Solutions LLC
Coords: 52.3676, 4.9041
Proxy

VirusTotal

Not checked

WHOIS

description
Observed authentication attempts via ssh, telnet against Cowrie/Heralding honeypots in Australia. Total events observed: 4. Sensors involved: Cowrie. Target ports: 22, 23. Source country: SC. ASN(s): 49870. Organisation(s): Alsycon B.V..

IOC Journey

medium
First detected 3 months ago · Last seen 11 days ago
Appeared in 21 threat reports