IOC Radar
IP · Medium confidence · Signal 81/100

185.142.236.41

Location: Amsterdam, NH, Netherlands
ASN: AS12989 (BlackHOST Ltd.)
First Seen: Dec 24, 2021 (1639d ago)
Last Seen: Jun 21, 2026 (today)
Reports: 26 source reports
Confidence: 81% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 81%
Signal Score: 81 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 76 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, NH
ASN: AS12989
Organization: BlackHOST Ltd.

IP Category

VPN (VPN exit node)

Feed Intelligence Summary

26 source reports · 81% confidence score

Category tags

abuse, abuseipdb, access attempt, account compromise, active scan, active scanning, adb, adb attacks, adb protocol, adbhoney honeypot, and exploitation attempts, android device attacks, anomalous network connections, apt, asia, attack, attacker-ip, australia, authentication abuse, authentication attacks, authentication brute force, authentication failure, automated attack, bad reputation, bad web bot, banking, bening, bening scanner, block list, block.txt, blocklist_all, blog spam, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force-attack, brute-force-ftp, brute-force-ssh, brute-force-web, brute_force, bruteforce, c2, c2 communication, c2 traffic, china mobile, cisco, cisco attack, cisco device, cisco device attacks, cisco device targeting, cisco exploit attempts, cisco exploitation attempt, cisco exploitation attempts, civil services, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, code-injection, columns, command & control, command and control, command execution, command injection, command-injection, common credential attack, communication protocol, company limited, compromised credentials, compromised host, conpot, conpot activity, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, cowrie interactions, credential access, credential brute forcing, credential guessing, credential harvesting, credential stuffing, credential-stuffing, credential_access, credit card services, daily_sources, data encryption, data exfiltration, data exfiltration attempt, data store exposure, database attack, database attacks, database brute force, database probing, database security, ddos, ddos attack, ddos attacks, ddos attempt, ddos preparation, decoy system, defense evasion, denial of service, denial-of-service attempt, device management, digital ocean, dionaea, dionaea activity, dionaea capture, dionaea honeypot, dionaea interactions, directory traversal, directory-bruteforce, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, encryption, enterprise networking, enumeration, europe, executable file, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit, exploit kit activity, exploit_attempts, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, failed login, fatt, fatt signatures, finance, finance and insurance, financial services, financial technology, finland, france, ftp, ftp attacks, ftp brute force, generic exploit, germany, government technology, hacking, heralding behavior, hk abusehandler, honeynet connect, honeytrap honeypot, honeytrap interactions, hong kong, http brute force, http probing, http request anomalies, http scanner, http scanning, https, hurricane us, ics, ics attacks, ics security, ics/scada attacks, ics/scada systems, identity & access exploitation, indicator, industrial control systems, information gathering, information technology, initial access, initial access attempt, initial-access, initial_access, injection activity, injection attacks, input validation, intrusion detection, ioc, iot attacks, iot security, iot systems, iot targeted, iot/ics attack, ip-address, ipv4, ipv4 threats, it infrastructure, lamp, lamp attack, lamp exploitation attempts, lamp stack targeting, lamp vulnerability scan, lateral movement, load balancer, login attack, login attempt, mail protocol abuse, mailoney activity, mailoney honeypot, mailoney interactions, malicious activity, malicious ip activity, malicious network activity, malicious software, malicious traffic, malicious-activity, malware, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware download attempts, mobile threat, modbus, modbus attacks, modbus protocol, multi-protocol network scanning, mysql brute force, netherlands, network, network device attacks, network device probing, network devices, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network monitoring, network probing, network protocol, network reconnaissance, network scanning, network security, network service discovery, network service scanning, network traffic analysis, network-devices, network_device, nl, north america, oceania, opencti, opportunistic attack, ot attacks, p0f, p0f passive fingerprinting, p0f signatures, password attack, password attacks, password-guessing, payment processing, pgp sign, phishing, phishing attack, phishing trapping of death, poland, port-scan, port-scanning, portscan, possible botnet activity, possible malware distribution, possible malware propagation, potential malicious activity, potential malware activity, privilege escalation, probing, process injection, protocol exploitation, public administration, public infrastructure, public policy, ransomware, rdp scanning, reconnaissance, reconnaissance activity, redis honeypot, redishoneypot, regulatory agencies, remote access, remote services, researched, resource hijacking, s7comm, s7comm attacks, s7comm protocol, sans, scanner, scanners, scanning, scanning activity, scheduled task, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, sentrypeer detection, sentrypeer interactions, service scan, seychelles, sftp, sftp access attempt, sftp activity, sftp attack, sftp attempt, sftp protocol, shodan_io-benign, sip, sip attacks, sip brute force, sip protocol, sip scan, sip scanning, smb attacks, smb brute force, smtp, smtp brute force, smtp probing, smtp scanning, social engineering, software development, software exploitation, spam, spam distribution, sql injection, sql-injection, ssh, ssh attack, ssh monitoring, ssh protocol, surface web, suricata alerts, syn scan, system access, t1003, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1053.005, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1083, t1095, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1136, t1136.001, t1187, t1189, t1190, t1203, t1204, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1547, t1555, t1556, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1589, t1589.002, t1590, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, t1608, tanner, tanner interactions, targeting database, tcp scan, tcp/80, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, timeout, top10.txt, topips.txt, tor node, tpot, tpotce, tsec, udp scan, unattributed threat actor, unauthenticated access attempts, unauthorized access attempt, united kingdom, united states, unknown threat actor, us abuse, us none, valid accounts, verified-benign, vnc protocol, voidtrap, voip, voip attack, voip attacks, vpn, vpn ip, vulnerability, vulnerability scan, vulnerability-exploitation, vulnerability-scan, vulnerability-scanning, vultr, waf, wealth management, web app attack, web application attack, web application scan, web attack, web attacks, web exploit, web exploitation, web scanner, web server attacks, web server probing, web servers, web service scanning, web spam, web traffic, web-attack, web-servers, web_application, webscan, webscanner, xss

Activity Timeline

1 total observation (Jun 21)

Threat Activity Heatmap

[Heatmap: 12-month grid, Jun to Jun, rows Mon/Wed/Fri, scale Less to More]

Observations by period:
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (81, SIGNAL)
Signal Score: 81%
Confidence: 26 reports
First seen: Dec 24, 2021
Last seen: Jun 21, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, NH
ASN: AS12989
Org: BlackHOST Ltd.
Coords: 52.4059, 4.8298
IP Category: VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:
inetnum: 185.142.236.0 - 185.142.236.255
netname: BlackHOST-CLOUD
descr: Black.HOST CLOUD Network
descr: Specially crafted and optimized for bandwidth hungry applications
descr: Direct all copyright, legal, spam and abuse complaints to:
descr: https://black.host/legal/abuse
country: NL
org: ORG-BLCK1-RIPE
admin-c: ABUS-BH
tech-c: SPRT-BH
status: ASSIGNED PA
mnt-by: BlackHOST-LTD
created: 2016-03-29T13:14:40Z
last-modified: 2025-06-23T18:55:42Z
source: RIPE

organisation: ORG-BLCK1-RIPE
org-name: Black HOST Ltd.
descr:
descr: Take advantage of the best deal of bandwidth on the planet.
descr: UNMETERED Dedicated & VPS Servers, Premium web & email hosting
descr: Check out our offer on: https://black.host
descr:
language: EN
org-type: OTHER
address: Rue de Jargonnant 2, 1207 Geneva, Switzerland
admin-c: CREW-BH
abuse-c: ABUS-BH
tech-c: SPRT-BH
mnt-ref: BlackHOST-LTD
mnt-by: BlackHOST-LTD
created: 2016-03-08T13:27:08Z
last-modified: 2021-02-19T09:18:08Z
source: RIPE # Filtered

role: BlackHOST Abuse Team
address: Switzerland
abuse-mailbox: [email protected]
remarks:
remarks: Direct all copyright, legal, spam and abuse complaints to:
remarks: https://black.host/legal/abuse
remarks:
nic-hdl: ABUS-BH
mnt-by: BlackHOST-LTD
created: 2016-03-07T16:25:43Z
last-modified: 2017-12-19T21:48:20Z
source: RIPE # Filtered

role: BlackHOST Support Team
address: Switzerland
nic-hdl: SPRT-BH
mnt-by: BlackHOST-LTD
created: 2016-03-08T21:06:19Z
last-modified: 2016-03-12T13:38:04Z
source: RIPE # Filtered
references:
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-10/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-04/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-05/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-04/
https://voidvendor.com/intel
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-25/
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-22/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-15/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://www.virustotal.com/gui/collection/a4c38dc13a91da98a9f3a7f1c46c9aaeaa4d713d113c68c71fdf89837667717d
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7237109848050393090-gB1Z?utm_source=share&utm_medium=member_desktop
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7227347897044910081-Et79?utm_source=share&utm_medium=member_desktop
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

IOC Journey

Confidence: medium
First detected 4 years ago · Last seen today
Appeared in 26 threat reports