IOC Radar
IP · Medium · Signal 100/100

185.142.236.34

Location: Amsterdam, North Holland, The Netherlands
ASN: AS12989 (BlackHOST Ltd.)
First Seen: Aug 26, 2020 (2130d ago)
Last Seen: Jun 11, 2026 (15d ago)
Reports: 45 source reports
Confidence: 99% (medium)
Found in 45 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

98 techniques

Network Information

Country: NL (The Netherlands)
Region: Amsterdam, North Holland
ASN: AS12989
Organization: BlackHOST Ltd.

IP Category

Hosting
Hosting provider

Feed Intelligence Summary

Source reports: 45
Confidence score: 99%
Category tags

Activity Timeline

1 total observation: Jun 11

Threat Activity Heatmap

Peak: 2026-06-11
[Heatmap: activity by weekday and month, Jun through Jun; legend from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 45
First seen: Aug 26, 2020
Last seen: Jun 11, 2026
Geolocation: NL
Country: The Netherlands
Location: Amsterdam, North Holland
ASN: AS12989
Org: BlackHOST Ltd.
Coords: 52.3676, 4.9041
IP Category: Hosting

VirusTotal

Not checked

WHOIS

description
Web scanners whose requests resulted in HTTP status code 400 due to WAF rules or LB parsing issues
raw
inetnum: 185.142.236.0 - 185.142.236.255
netname: BlackHOST-CLOUD
descr: Black.HOST CLOUD Network
descr: Specially crafted and optimized for bandwidth hungry applications
descr:
descr: Direct all copyright, legal, spam and abuse complaints to:
descr: https://black.host/legal/abuse
descr:
country: NL
org: ORG-BLCK1-RIPE
admin-c: ABUS-BH
tech-c: SPRT-BH
status: ASSIGNED PA
mnt-by: BlackHOST-LTD
created: 2016-03-29T13:14:40Z
last-modified: 2017-12-16T17:30:08Z
source: RIPE
mnt-routes: COGENT-ROUTE-MNT

organisation: ORG-BLCK1-RIPE
org-name: Black HOST Ltd.
descr:
descr: Take advantage of the best deal of bandwidth on the planet.
descr: UNMETERED Dedicated & VPS Servers, Premium web & email hosting
descr: Check out our offer on: https://black.host
descr:
language: EN
org-type: OTHER
address: Rue de Jargonnant 2, 1207 Geneva, Switzerland
admin-c: CREW-BH
abuse-c: ABUS-BH
tech-c: SPRT-BH
mnt-ref: BlackHOST-LTD
mnt-by: BlackHOST-LTD
created: 2016-03-08T13:27:08Z
last-modified: 2021-02-19T09:18:08Z
source: RIPE # Filtered

role: BlackHOST Abuse Team
address: Switzerland
abuse-mailbox: [email protected]
remarks:
remarks: Direct all copyright, legal, spam and abuse complaints to:
remarks: https://black.host/legal/abuse
remarks:
nic-hdl: ABUS-BH
mnt-by: BlackHOST-LTD
created: 2016-03-07T16:25:43Z
last-modified: 2017-12-19T21:48:20Z
source: RIPE # Filtered

role: BlackHOST Support Team
address: Switzerland
nic-hdl: SPRT-BH
mnt-by: BlackHOST-LTD
created: 2016-03-08T21:06:19Z
last-modified: 2016-03-12T13:38:04Z
source: RIPE # Filtered

route: 185.142.236.0/24
origin: AS174
descr: BlackHOST Ltd.
mnt-by: COGENT-ROUTE-MNT
created: 2016-04-08T09:21:34Z
last-modified: 2016-04-08T09:23:44Z
source: RIPE

IOC Journey

medium
First detected 5 years ago · Last seen 15 days ago
Appeared in 45 threat reports